CVE-2022-24882

Description

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides an empty password value. This issue affects FreeRDP-based RDP server implementations. RDP clients are not affected. The vulnerability is patched in FreeRDP 2.7.0. There are currently no known workarounds.

Risk Information

Base Score: 7.5 MODERATE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability: 1.114

Associated Vulnerability

Vulnerability | OS Platform
RDP client for Windows Terminal Services (USN-5461-1) libfreerdp-client2-2_2.3.0+dfsg1-2ubuntu0.2_i386.deb | Linux
RDP client for Windows Terminal Services (USN-5461-1) libfreerdp-client2-2_2.3.0+dfsg1-2ubuntu0.2_amd64.deb | Linux
RDP client for Windows Terminal Services (USN-5461-1) libfreerdp-client2-2_2.6.1+dfsg1-3ubuntu2.1_i386.deb | Linux
RDP client for Windows Terminal Services (USN-5461-1) libfreerdp-client2-2_2.6.1+dfsg1-3ubuntu2.2_amd64.deb | Linux
RDP client for Windows Terminal Services (USN-5461-1) libfreerdp-client2-2_2.2.0+dfsg1-0ubuntu0.18.04.3_i386.deb | Linux
RDP client for Windows Terminal Services (USN-5461-1) libfreerdp-client2-2_2.2.0+dfsg1-0ubuntu0.18.04.3_amd64.deb | Linux
RDP client for Windows Terminal Services (USN-5461-1) libfreerdp-client2-2_2.2.0+dfsg1-0ubuntu0.20.04.3_amd64.deb | Linux
RDP client for Windows Terminal Services (USN-5461-1) libfreerdp-server2-2_2.3.0+dfsg1-2ubuntu0.2_i386.deb | Linux
RDP client for Windows Terminal Services (USN-5461-1) libfreerdp-server2-2_2.3.0+dfsg1-2ubuntu0.2_amd64.deb | Linux
RDP client for Windows Terminal Services (USN-5461-1) libfreerdp-server2-2_2.6.1+dfsg1-3ubuntu2.1_i386.deb | Linux
RDP client for Windows Terminal Services (USN-5461-1) libfreerdp-server2-2_2.6.1+dfsg1-3ubuntu2.1_amd64.deb | Linux
RDP client for Windows Terminal Services (USN-5461-1) libfreerdp-server2-2_2.2.0+dfsg1-0ubuntu0.18.04.3_i386.deb | Linux
RDP client for Windows Terminal Services (USN-5461-1) libfreerdp-server2-2_2.2.0+dfsg1-0ubuntu0.18.04.3_amd64.deb | Linux
RDP client for Windows Terminal Services (USN-5461-1) libfreerdp-server2-2_2.2.0+dfsg1-0ubuntu0.20.04.3_amd64.deb | Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234