Avaya One-X Agent: is the "winvnc.exe" necessary for proper operation or security vulnerability

Doc ID    SOLN250736
Version:    7.0
Status:    Published
Published date:    07 Mar 2023
Created Date:    27 May 2014
Author:   
gtefft
 

Details

OneX Agent

winvnc.exe

CVE-2006-2369 and CVE-2006-2450  --  ** Please note -- CVE's may not apply to Security question from customer,  However has been used by security scans in regards to winvnc.exe so is also being addressed in article since the same answer still applies

Problem Clarification

Security Scan indicated that there is an executable file winvnc.exe installed with OneX Agent. Can "winvnc.exe" be removed from One-X Agent installation or is it necessary for proper operation of the OneX Agent?

or

Security scan show the version winvnc.exe installed as part of One-X Agent to be vulnerable and should be upgraded to the latest version.
 

Cause

Security Scan or Security Vulnerability

Solution

One-X Agent version 2.5.16 Patch 10 has upgraded the VNC version to address this vulnerability.


Avaya -- Proprietary. Use pursuant to the terms of your signed agreement or Avaya policy