Cyber Resilience

CVE-2022-23613

Severity: High
Published: 07 February 2022
Modified: 21 November 2024
KEV Added:
Patch:
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0038 (59.9th percentile)
Risk Priority: 16 (60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2022-23613 is a high-severity Wrap or Wraparound (CWE-191) vulnerability in Neutrinolabs Xrdp. Its CVSS base score is 7.8 (High).

Operationally, this CVE ranks in the top 40.1% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

xrdp is an open source remote desktop protocol (RDP) server. In affected versions, an integer underflow leading to a heap overflow in the sesman server allows any unauthenticated attacker who is able to locally access a sesman server to execute code as root. This vulnerability has been patched in version 0.9.18.1 and above. Users are advised to upgrade. There are no known workarounds.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: neutrinolabs, Product: xrdp, Versions: 0.9.17, 0.9.18
Vendor: fedoraproject, Product: fedora, Versions: 34, 35

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References