Cybersecurity researchers on Sunday disclosed multiple critical vulnerabilities in the remote student monitoring software Netop Vision Pro that a malicious attacker could abuse to execute arbitrary code and take over Windows computers.
“These findings allow for elevation of privileges and ultimately remote code execution which could be used by a malicious attacker within the same network to gain full control over students’ computers,” the McAfee Labs Advanced Threat Research team said in an analysis.
The vulnerabilities, tracked as CVE-2021-27192, CVE-2021-27193, CVE-2021-27194, and CVE-2021-27195, were reported to Netop on December 11, 2020, after which the Denmark-based company fixed the issues in an update (version 9.7.2) released on February 25.
“Version 9.7.2 of Vision and Vision Pro is a maintenance release that addresses several vulnerabilities, such as escalating local privileges sending sensitive information in plain text,” the company stated in its release notes.
Netop counts half of the Fortune 100 companies among its customers and connects more than 3 million teachers and students with its software. Netop Vision Pro allows teachers to remotely perform tasks on students’ computers, such as monitoring and managing their screens in real time, restricting access to a list of allowed Web sites, launching applications, and even redirecting students’ attention when they are distracted.