Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2022-41975
CVE-2022-41975:
RealVNC Viewer vulnerability analysis and mitigation
Overview
RealVNC VNC Server before 6.11.0 and VNC Viewer before 6.22.826 on Windows contains a local privilege escalation vulnerability that can be exploited via MSI installer Repair mode (NVD, CVE Mitre).
Technical details
The vulnerability exists in the MSI installer's Repair mode functionality. When performing a repair operation, the installer executes files from the %TEMP% directory with SYSTEM privileges, which can be exploited for privilege escalation (NVD).
Impact
A successful exploitation of this vulnerability allows local attackers to elevate their privileges to SYSTEM level on affected Windows systems running vulnerable versions of RealVNC Server or Viewer (NVD).
Mitigation and workarounds
Users should upgrade RealVNC Server to version 6.11.0 or later and RealVNC Viewer to version 6.22.826 or later to address this vulnerability (RealVNC Help).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management