37 Vulnerabilities Discovered in 4 VNC Remote Access Apps

A new Kaspersky report reveals that four common open-source VNC (virtual network computing) remote desktop applications contain 37 vulnerabilities that could allow remote attacks.




Four common open-source VNC applications contain 37 vulnerabilities

The issue with desktop apps is that they can provide an entry point into a company’s infrastructure, which becomes even easier if the remote access tools are vulnerable, the researchers pointed out in their report.

Knowing these risks, the researchers decided to look into four common open-source VNC apps:

  • LibVNC — a library, that is, a set of ready-made code snippets on the basis of which developers can create apps; LibVNC is used, for example, in systems that allow remote connections to virtual machines, as well as iOS and Android mobile devices.
  • TightVNC 1.X — an application recommended by vendors of industrial automation systems for connecting to a human–machine interface (HMI).
  • TurboVNC — a VNC implementation for remote work with graphic, 3D, and video objects.
  • UltraVNC — a VNC variant built specifically for Windows; it is also widely used in industrial production for connecting to HMIs.

Unsurprisingly, the experts discovered vulnerabilities in all four implementations. One vulnerability was discovered in TurboVNC, four in TightVNC, ten in LibVNC, and 22 in UltraVNC, for a total of 37 vulnerabilities.

All the issues stem from incorrect memory usage, and their exploitation could lead to malfunctions and denial-of-service attacks. However, in a worse scenario, attackers could gain unauthorized access to information on the system, or even drop malware.


The bugs were reported to the developers of the respective software libraries and apps, and most of them have already been fixed. However, the developers of TightVNC no longer support the first version of their system, and hence they didn't fix the vulnerabilities. "This is a weighty reason to consider moving to another VNC platform," the researchers said.

Additional trouble may come from the fact that vulnerable code is used in many open-source projects, and not all developers implement library updates. Such apps will remain vulnerable unless their developers update the vulnerable code, which may not happen at all.

More information about the vulnerabilities is available in Kaspersky’s ICS CERT report.

Although the focus of the research was on the use of VNC in industrial enterprises, the threats are relevant to any business that deploys this technology, Kaspersky noted.

Milena Dimitrova
