CVE-2022-23613
7.8
HIGH
CVSS 3.1
EPSS 0.38%
Description
xrdp is an open source remote desktop protocol (RDP) server. In affected versions an integer underflow leading to a heap overflow in the sesman server allows any unauthenticated attacker which is able to locally access a sesman server to execute code as root. This vulnerability has been patched in version 0.9.18.1 and above. Users are advised to upgrade. There are no known workarounds.
How to fix CVE-2022-23613
To remediate CVE-2022-23613, upgrade the affected package to a fixed version below.
- —upgrade to 0.9.17-2.1 or later
Is CVE-2022-23613 being exploited?
Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 0.9.17-2.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |