CVE-2024-42458 (CVSS 9.8) – New Security Vulnerability in Neat VNC: Urgent Patch Released
Neat VNC, a popular open-source VNC server library used for remote desktop access and screen sharing, has been found to contain a critical security vulnerability (CVE-2024-42458, CVSS 9.8). This flaw could allow attackers to bypass authentication and gain unauthorized access to systems running affected versions of Neat VNC.
CVE-2024-42458 is a serious security vulnerability found in the server.c file of Neat VNC versions prior to 0.8.1. This vulnerability stems from the improper validation of the security type, a flaw that can potentially allow remote attackers to bypass authentication mechanisms. This issue mirrors the older CVE-2006-2369 vulnerability, which affected RealVNC 4.1.1 and similar products, allowing attackers to specify an insecure security type and bypass authentication.
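The kind of security-type check described above, as an added illustration in C; it is not code from Neat VNC's server.c or from its fix. The names sec_offer, offer_add, select_weak and select_checked are hypothetical, and the type codes 1 (None) and 2 (VNC Authentication) are the ones RFC 6143 defines.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* RFB security-type codes from RFC 6143. */
enum { SEC_INVALID = 0, SEC_NONE = 1, SEC_VNC_AUTH = 2 };

/* Hypothetical per-connection record of the types the server advertised. */
struct sec_offer {
    uint8_t types[8];
    size_t count;
};

static bool offer_add(struct sec_offer *o, uint8_t type)
{
    if (type == SEC_INVALID || o->count >= sizeof(o->types))
        return false;
    o->types[o->count++] = type;
    return true;
}

/* Weak form: accepts any type the server knows how to handle. */
static uint8_t select_weak(uint8_t chosen)
{
    return (chosen == SEC_NONE || chosen == SEC_VNC_AUTH) ? chosen : SEC_INVALID;
}

/* Hardened form: accepts only a type advertised on this connection. */
static uint8_t select_checked(const struct sec_offer *o, uint8_t chosen)
{
    for (size_t i = 0; i < o->count; i++)
        if (o->types[i] == chosen)
            return chosen;
    return SEC_INVALID; /* caller must fail the handshake and disconnect */
}

int main(void)
{
    struct sec_offer o = { {0}, 0 };
    offer_add(&o, SEC_VNC_AUTH); /* constructed case: password auth only */
    printf("weak:    client sends 1 -> %u\n", (unsigned)select_weak(SEC_NONE));
    printf("checked: client sends 1 -> %u\n", (unsigned)select_checked(&o, SEC_NONE));
    printf("checked: client sends 2 -> %u\n", (unsigned)select_checked(&o, SEC_VNC_AUTH));
    return 0;
}
```

The difference is what the selection is compared against: the set of types the code recognises, or the set this server actually advertised to this client.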
Last week, the project maintainer responded swiftly by releasing version 0.8.1 of Neat VNC, which includes a crucial fix for this vulnerability. The changelog for this release explicitly states that it addresses the security flaw, and package maintainers are strongly advised to upgrade their systems as soon as possible to mitigate potential risks.
The vulnerability was reported by security researchers Dane Bouchie and Travis Wise.
Given the critical nature of CVE-2024-42458, all users and administrators of Neat VNC must update to version 0.8.1 without delay. The update is crucial in preventing potential exploitation and ensuring the security and integrity of systems utilizing Neat VNC.