Lucene search

TalosCVE-2017-2838

HistoryApr 24, 2018 - 7:29 p.m.

CVE-2017-2838

2018-04-2419:29:02

CWE-190

talos

web.nvd.nist.gov

cve-2017-2838

freerdp

denial of service

vulnerability

nvd

exploit

challenge packets

termination

server compromise

man in the middle

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

36.6%

JSON

An exploitable denial of service vulnerability exists within the handling of challenge packets in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server or use man in the middle to trigger this vulnerability.

Affected configurations

Nvd

Vulners

Node

freerdpfreerdpMatch2.0.0beta1

Node

debiandebian_linuxMatch8.0

debiandebian_linuxMatch9.0

VendorProductVersionCPE
freerdpfreerdp2.0.0cpe:2.3:a:freerdp:freerdp:2.0.0:beta1:*:*:*:*:*:*
debiandebian_linux8.0cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
debiandebian_linux9.0cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
freerdp	freerdp	2.0.0	cpe:2.3:a:freerdp:freerdp:2.0.0:beta1::::::
debian	debian_linux	8.0	cpe:2.3:o:debian:debian_linux:8.0:::::::*
debian	debian_linux	9.0	cpe:2.3:o:debian:debian_linux:9.0:::::::*

CNA Affected

[
  {
    "product": "FreeRDP",
    "vendor": "FreeRDP",
    "versions": [
      {
        "status": "affected",
        "version": "2.0.0-beta1+android11 - Windows, OSX, Linux"
      }
    ]
  }
]