What is it?
Virtual Network Computing (VNC) is a platform-independent remote desktop control system. There are numerous VNC implementations (LibVNC, TightVNC, UltraVNC, etc.) which run on Windows, Linux, macOS, iOS, Android and other operating systems. VNC uses port 5900 or 5800.
VNC is used for work-from-home scenarios and for remote troubleshooting and maintenance by IT professionals.
Why is it a risk?
Because it is ubiquitous and powerful, VNC has had several vulnerabilities exposed. The BleepingComputer link below lists 37 such vulnerabilities, affecting four VNC products. Most of these allow an attacker to execute code on the remote computer.
How can you mitigate the risk?
- Write firewall rules that block Internet traffic to ports 5800 and 5900 except for authorized IP or MAC addresses.
- Maintain all remote access software (including VNC) at the latest release version.
- Use strong passwords.
- Do not connect to untrusted VNC servers.
Resources:
BleepingComputer VNC vulnerabilities
https://www.bleepingcomputer.com/news/security/dozens-of-vnc-vulnerabilities-found-in-linux-windows-solutions/
Kaspersky VNC vulnerability research
https://ics-cert.kaspersky.com/reports/2019/11/22/vnc-vulnerability-research/
