CVE-2024-42049
Published 2024-07-28

CVE-2024-42049: TightVNC (Server for Windows) before 2.8.84 allows attackers to connect to the control pipe via a network connection.
Priority P263 · critical · 9.1 (CVSS 3.1)
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EXPLOIT
EPSS: 2.15% (79.8th percentile)
Detection & IOCs (extracted from sources)
- Monitor for remote named pipe connections to TightVNC control pipes (\pipe\TightVNC_Service_Control and \pipe\TightVNC_Application_Control_On_Session*) originating from non-local network sources, which indicates exploitation of CVE-2024-42049.
- Hunt for processes on Windows hosts that open named pipe handles to TightVNC control pipes from unexpected parent processes or remote sessions, particularly those issuing the shutdown (0x07) or get-config (0x12) commands.
- The vulnerability affects TightVNC Server for Windows versions before 2.8.84. The PoC was tested against versions 2.5.10 and 2.8.81; version 2.8.84 is the patched release.
- The exploit uses an optional 'offset' parameter (default 30) when decrypting passwords from the GET_CONFIG response; defenders should be aware that password extraction is a post-exploitation capability of this attack.
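One way to implement the first monitoring item, as an added example that is not part of the original page or of any TightVNC tooling: it filters Windows Security event 5145 (detailed file share access) records for opens of the two control pipes over IPC$ from a non-loopback source. It assumes "Audit Detailed File Share" is enabled and that events were exported as dictionaries keyed by the 5145 field names; the function names, the `ev` helper and the sample events are constructed for illustration.

```python
import ipaddress
import re

# Pipe names as listed on this page; the per-session pipe carries a suffix.
PIPE_RE = re.compile(
    r"^(TightVNC_Service_Control|TightVNC_Application_Control_On_Session.*)$",
    re.IGNORECASE,
)


def is_remote(addr):
    """True unless addr parses as a loopback address."""
    try:
        return not ipaddress.ip_address(addr.strip()).is_loopback
    except (ValueError, AttributeError):
        return True  # missing or unparseable source: keep it for review


def find_remote_pipe_access(events):
    """Return (source, pipe) pairs for SMB opens of TightVNC control pipes."""
    hits = []
    for e in events:
        if e.get("EventID") != 5145:
            continue  # only detailed file share access events
        if not e.get("ShareName", "").upper().endswith("IPC$"):
            continue  # named pipes are reached over the IPC$ share
        pipe = e.get("RelativeTargetName", "").lstrip("\\")
        if PIPE_RE.match(pipe) and is_remote(e.get("IpAddress")):
            hits.append((e.get("IpAddress"), pipe))
    return hits


def ev(ip, target, event_id=5145):
    """Build one constructed sample event (hypothetical helper)."""
    return {"EventID": event_id, "IpAddress": ip,
            "ShareName": r"\\*\IPC$", "RelativeTargetName": target}


# Constructed sample events using documentation address ranges.
SAMPLE_EVENTS = [
    ev("192.0.2.44", "TightVNC_Service_Control"),                   # remote: flag
    ev("::1", "TightVNC_Service_Control"),                          # loopback: ignore
    ev("198.51.100.7", "TightVNC_Application_Control_On_Session1"),  # remote: flag
    ev("192.0.2.44", "srvsvc"),                                     # unrelated pipe
    ev("192.0.2.44", "TightVNC_Service_Control", event_id=4624),    # other event ID
]

if __name__ == "__main__":
    for src, pipe in find_remote_pipe_access(SAMPLE_EVENTS):
        print(f"remote open of {pipe} from {src}")
```
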
No detection rules found.
No writeups or analysis indexed.