CVE-2022-24882

2022-04-2600:00:00

ubuntu.com

freerdp

rdp server

ntlm vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS

0.004

Percentile

73.8%

JSON

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In
versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not
properly abort when someone provides and empty password value. This issue
affects FreeRDP based RDP Server implementations. RDP clients are not
affected. The vulnerability is patched in FreeRDP 2.7.0. There are
currently no known workarounds.

Bugs

<https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/issues/95>

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchfreerdp< anyUNKNOWN
ubuntu16.04noarchfreerdp< anyUNKNOWN
ubuntu18.04noarchfreerdp2< 2.2.0+dfsg1-0ubuntu0.18.04.3UNKNOWN
ubuntu20.04noarchfreerdp2< 2.2.0+dfsg1-0ubuntu0.20.04.3UNKNOWN
ubuntu21.10noarchfreerdp2< 2.3.0+dfsg1-2ubuntu0.2UNKNOWN
ubuntu22.04noarchfreerdp2< 2.6.1+dfsg1-3ubuntu1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	freerdp	< any	UNKNOWN
ubuntu	16.04	noarch	freerdp	< any	UNKNOWN
ubuntu	18.04	noarch	freerdp2	< 2.2.0+dfsg1-0ubuntu0.18.04.3	UNKNOWN
ubuntu	20.04	noarch	freerdp2	< 2.2.0+dfsg1-0ubuntu0.20.04.3	UNKNOWN
ubuntu	21.10	noarch	freerdp2	< 2.3.0+dfsg1-2ubuntu0.2	UNKNOWN
ubuntu	22.04	noarch	freerdp2	< 2.6.1+dfsg1-3ubuntu1	UNKNOWN