CVE-2022-24882
freerdp2 - security update
7.5
HIGH
CVSS 3.1
EPSS 0.77%
Description
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides an empty password value. This issue affects FreeRDP-based RDP server implementations; RDP clients are not affected. The vulnerability is patched in FreeRDP 2.7.0. There are currently no known workarounds.
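The advisory only says that the server side fails to abort on an empty password. The example below is an added illustration of that failure class and is not FreeRDP's code: it models the server-side step that compares the NtProofStr from an NTLMv2 AUTHENTICATE_MESSAGE against the value the server computed, once in a vulnerable form that compares over whatever length the client supplied (so an empty response passes vacuously), and once in a hardened form that aborts unless a full 16-byte proof is present. The message layout is simplified (only the NtChallengeResponse field descriptor at offset 20 is honoured, the fixed header is assumed to be 64 bytes), the expected proof is passed in rather than derived with HMAC-MD5, and all inputs are constructed here.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumptions for this model: MS-NLMP AUTHENTICATE_MESSAGE with Signature(8),
 * MessageType(4), LmChallengeResponseFields(8), then NtChallengeResponseFields
 * (Len, MaxLen, BufferOffset) at byte 20. Real messages carry more fields. */
#define NTLM_AUTHENTICATE 3
#define NTRESP_FIELDS_OFF 20
#define FIXED_HDR_LEN 64      /* simplified fixed part; payload starts here */
#define NT_PROOF_LEN 16       /* NtProofStr is the first 16 bytes of an NTLMv2 response */

typedef enum { AUTH_OK = 0, AUTH_INVALID_TOKEN = 1, AUTH_LOGON_DENIED = 2 } auth_status;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Locate NtChallengeResponse; false when the descriptor points outside the message. */
static bool ntlm_get_nt_response(const uint8_t *msg, size_t len,
                                 const uint8_t **resp, size_t *resp_len)
{
    if (len < FIXED_HDR_LEN) return false;
    if (memcmp(msg, "NTLMSSP", 8) != 0) return false;          /* includes the NUL */
    if (rd32(msg + 8) != NTLM_AUTHENTICATE) return false;
    uint16_t l = rd16(msg + NTRESP_FIELDS_OFF);
    uint32_t off = rd32(msg + NTRESP_FIELDS_OFF + 4);
    if (off > len || l > len - off) return false;
    *resp = msg + off;
    *resp_len = l;
    return true;
}

/* Server-side proof check. 'hardened' selects the fixed behaviour. */
static auth_status ntlm_server_check_proof(const uint8_t expected[NT_PROOF_LEN],
                                           const uint8_t *msg, size_t len, bool hardened)
{
    const uint8_t *resp;
    size_t resp_len;
    if (!ntlm_get_nt_response(msg, len, &resp, &resp_len)) return AUTH_INVALID_TOKEN;

    if (hardened) {
        /* Abort on anything shorter than a full NtProofStr, which covers the
         * empty response a client produces for an empty password. */
        if (resp_len < NT_PROOF_LEN) return AUTH_INVALID_TOKEN;
        uint8_t diff = 0;                                      /* constant-time compare */
        for (size_t i = 0; i < NT_PROOF_LEN; i++) diff |= (uint8_t)(expected[i] ^ resp[i]);
        return diff == 0 ? AUTH_OK : AUTH_LOGON_DENIED;
    }

    /* Vulnerable pattern: bound the compare by the client-supplied length.
     * With resp_len == 0 memcmp over zero bytes returns 0 and the logon succeeds. */
    size_t n = resp_len < NT_PROOF_LEN ? resp_len : NT_PROOF_LEN;
    return memcmp(expected, resp, n) == 0 ? AUTH_OK : AUTH_LOGON_DENIED;
}

/* Constructed test input: a minimal message carrying only NtChallengeResponse. */
static size_t build_auth_msg(uint8_t *out, size_t cap, const uint8_t *ntresp, uint16_t ntresp_len)
{
    if (cap < FIXED_HDR_LEN + ntresp_len) return 0;
    memset(out, 0, FIXED_HDR_LEN);
    memcpy(out, "NTLMSSP", 8);
    out[8] = NTLM_AUTHENTICATE;
    out[20] = out[22] = (uint8_t)(ntresp_len & 0xff);          /* Len, MaxLen */
    out[21] = out[23] = (uint8_t)(ntresp_len >> 8);
    out[24] = FIXED_HDR_LEN;                                   /* BufferOffset, < 256 */
    memcpy(out + FIXED_HDR_LEN, ntresp, ntresp_len);
    return FIXED_HDR_LEN + ntresp_len;
}

static const uint8_t EXPECTED_PROOF[NT_PROOF_LEN] =
    { 0x10,0x32,0x54,0x76,0x98,0xba,0xdc,0xfe,0xef,0xcd,0xab,0x89,0x67,0x45,0x23,0x01 };

/* Empty NtChallengeResponse, the case the advisory describes. */
auth_status outcome_empty_response(bool hardened)
{
    uint8_t msg[128];
    size_t n = build_auth_msg(msg, sizeof msg, NULL, 0);
    return ntlm_server_check_proof(EXPECTED_PROOF, msg, n, hardened);
}

/* Full response: correct NtProofStr followed by an 8-byte blob. */
auth_status outcome_valid_proof(bool hardened)
{
    uint8_t resp[NT_PROOF_LEN + 8] = {0}, msg[128];
    memcpy(resp, EXPECTED_PROOF, NT_PROOF_LEN);
    size_t n = build_auth_msg(msg, sizeof msg, resp, sizeof resp);
    return ntlm_server_check_proof(EXPECTED_PROOF, msg, n, hardened);
}

/* Full-length response with one byte of the proof altered. */
auth_status outcome_wrong_proof(bool hardened)
{
    uint8_t resp[NT_PROOF_LEN + 8] = {0}, msg[128];
    memcpy(resp, EXPECTED_PROOF, NT_PROOF_LEN);
    resp[3] ^= 0x01;
    size_t n = build_auth_msg(msg, sizeof msg, resp, sizeof resp);
    return ntlm_server_check_proof(EXPECTED_PROOF, msg, n, hardened);
}

int main(void)
{
    printf("empty response: vulnerable=%d hardened=%d\n",
           outcome_empty_response(false), outcome_empty_response(true));
    printf("valid proof:    vulnerable=%d hardened=%d\n",
           outcome_valid_proof(false), outcome_valid_proof(true));
    printf("wrong proof:    vulnerable=%d hardened=%d\n",
           outcome_wrong_proof(false), outcome_wrong_proof(true));
    return 0;
}
```

The point to take from the model is that a length check belongs before any comparison whose bound comes from the peer: an NTLMv2 response shorter than NtProofStr can never be valid, so the server should abort there rather than let a zero-length compare succeed. Clients are unaffected because only the verifying side performs this step.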
How to fix CVE-2022-24882
To remediate CVE-2022-24882, upgrade the affected package to a fixed version below.
- upgrade to 2.3.0+dfsg1-2+deb11u3 or later
- upgrade to 2.3.0+dfsg1-2+deb11u3 or later
Is CVE-2022-24882 being exploited?
Low. EPSS is 0.77%, a low predicted probability of exploitation in the next 30 days; EPSS is a forecast, not a record of observed attacks, and there is no indication here of exploitation at scale.
Affected packages (2)
- all versions from 0 up to, but not including, 2.3.0+dfsg1-2+deb11u3
- all versions from 0 up to, but not including, 2.3.0+dfsg1-2+deb11u3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH (7.5) | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |