CVE-2022-24750

Low privilege user is able to exploit the service and gain SYSTEM privileges in UltraVNC server

Description

UltraVNC is a free and open source remote pc access software. A vulnerability has been found in versions prior to 1.3.8.0 in which the DSM plugin module, which allows a local authenticated user to achieve local privilege escalation (LPE) on a vulnerable system. The vulnerability has been fixed to allow loading of plugins from the installed directory. Affected users should upgrade their UltraVNC to 1.3.8.1. Users unable to upgrade should not install and run UltraVNC server as a service. It is advisable to create a scheduled task on a low privilege account to launch WinVNC.exe instead. There are no known workarounds if winvnc needs to be started as a service.

Category

8.8
CVSS
Severity: High
CVSS 3.1 •
CVSS 2.0 •
EPSS 0.07%
Third-Party Advisory github.com Third-Party Advisory github.com Third-Party Advisory github.com
Affected: ultravnc UltraVNC
Published at:
Updated at:

References

Link Tags
https://github.com/ultravnc/UltraVNC/security/advisories/GHSA-3mvp-cp5x-vj5g third party advisory
https://github.com/ultravnc/UltraVNC/commit/36a31b37b98f70c1db0428f5ad83170d604fb352 third party advisory patch
https://github.com/bowtiejicode/UltraVNC-DSMPlugin-LPE third party advisory patch

Frequently Asked Questions

What is the severity of CVE-2022-24750?
CVE-2022-24750 has been scored as a high severity vulnerability.
How to fix CVE-2022-24750?
To fix CVE-2022-24750, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-24750 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-24750 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-24750?
CVE-2022-24750 affects ultravnc UltraVNC.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.