vulnerability
FreeBSD: VID-FC2A9541-8893-11EC-9D01-80EE73419AF3 (CVE-2022-23613): xrdp -- privilege escalation
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:L/Au:N/C:C/I:C/A:C) | Jan 23, 2022 | Nov 4, 2022 | Nov 4, 2022 |
Severity
7
CVSS
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
Published
Jan 23, 2022
Added
Nov 4, 2022
Modified
Nov 4, 2022
Description
xrdp is an open source remote desktop protocol (RDP) server. In affected versions an integer underflow leading to a heap overflow in the sesman server allows any unauthenticated attacker which is able to locally access a sesman server to execute code as root. This vulnerability has been patched in version 0.9.18.1 and above. Users are advised to upgrade. There are no known workarounds.
Solutions
freebsd-upgrade-package-xrdpfreebsd-upgrade-package-xrdp-devel
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.