CVE-2023-27830: 
NixOS vulnerability analysis and mitigation

TightVNC before version 2.8.75 contains a privilege escalation vulnerability (CVE-2023-27830) discovered in March 2023. The vulnerability affects the Windows Desktop application, specifically version 2.8.63 and earlier versions. When a remote user connects to TightVNC, since the process runs in the backend as a high-privileged account, attackers can escalate privileges on the host operating system by replacing legitimate files with crafted files during file transfer operations (NestedIf Blog, NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 9.0 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H. The issue stems from improper privilege management (CWE-269) where the TightVNC service runs with elevated privileges while processing file transfers. This allows an authenticated remote user to manipulate file transfers to replace legitimate system files with malicious ones (NVD).

The vulnerability allows attackers to gain complete Administrator access on the target system. Even when the Windows account is locked, the vulnerability can still be exploited as the TightVNC service continues to run in the backend with elevated privileges. This enables attackers to achieve privilege escalation from a non-admin user to full administrative access (NestedIf Blog).

The vulnerability has been fixed in TightVNC version 2.8.75, released on February 18, 2023. The update includes fixes for file transfer security and blocks file transfers while the system is locked. Users are strongly encouraged to upgrade to version 2.8.75 or later to address this vulnerability (TightVNC News, TightVNC Changelog).