Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2022-24883

Опубликовано: 26 апр. 2022
Источник: nvd
CVSS3: 7.4
CVSS3: 9.8
CVSS2: 6.8
EPSS Низкий

Описание

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Prior to version 2.7.0, server side authentication against a SAM file might be successful for invalid credentials if the server has configured an invalid SAM file path. FreeRDP based clients are not affected. RDP server implementations using FreeRDP to authenticate against a SAM file are affected. Version 2.7.0 contains a fix for this issue. As a workaround, use custom authentication via HashCallback and/or ensure the SAM database path configured is valid and the application has file handles left.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*
Версия до 2.7.0 (исключая)
Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*

EPSS

Процентиль: 64%
0.00474
Низкий

7.4 High

CVSS3

9.8 Critical

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-287
CWE-287

Связанные уязвимости

ubuntu логотип

CVE-2022-24883

CVSS3: 7.4
ubuntu
около 3 лет назад

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Prior to version 2.7.0, server side authentication against a `SAM` file might be successful for invalid credentials if the server has configured an invalid `SAM` file path. FreeRDP based clients are not affected. RDP server implementations using FreeRDP to authenticate against a `SAM` file are affected. Version 2.7.0 contains a fix for this issue. As a workaround, use custom authentication via `HashCallback` and/or ensure the `SAM` database path configured is valid and the application has file handles left.

redhat логотип

CVE-2022-24883

CVSS3: 9.8
redhat
около 3 лет назад

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Prior to version 2.7.0, server side authentication against a `SAM` file might be successful for invalid credentials if the server has configured an invalid `SAM` file path. FreeRDP based clients are not affected. RDP server implementations using FreeRDP to authenticate against a `SAM` file are affected. Version 2.7.0 contains a fix for this issue. As a workaround, use custom authentication via `HashCallback` and/or ensure the `SAM` database path configured is valid and the application has file handles left.

debian логотип

CVE-2022-24883

CVSS3: 7.4
debian
около 3 лет назад

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). ...

fstec логотип

BDU:2022-06851

CVSS3: 9.8
fstec
около 3 лет назад

Уязвимость RDP-сервера FreeRDP, связанная с недостатками процедуры аутентификации, позволяющая нарушителю обойти процесс аутентификации

suse-cvrf логотип

SUSE-SU-2022:2354-1

suse-cvrf
почти 3 года назад

Security update for freerdp

EPSS

Процентиль: 64%
0.00474
Низкий

7.4 High

CVSS3

9.8 Critical

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-287
CWE-287