Privilege escalation on xrdp
CVE-2022-23613

7.8HIGH

Key Information:

Vendor

Neutrinolabs

Status
Xrdp
Vendor
CVE Published:
7 February 2022

What is CVE-2022-23613?

xrdp is an open source remote desktop protocol (RDP) server. In affected versions an integer underflow leading to a heap overflow in the sesman server allows any unauthenticated attacker which is able to locally access a sesman server to execute code as root. This vulnerability has been patched in version 0.9.18.1 and above. Users are advised to upgrade. There are no known workarounds.

Affected Version(s)

xrdp >= 0.9.17, < 0.9.18.1

References

https://github.com/neutrinolabs/xrdp/security/advisories/...
x_refsource_CONFIRM
https://github.com/neutrinolabs/xrdp/commit/4def30ab8ea44...
x_refsource_MISC
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.