Lucene search

K

China National Vulnerability DatabaseCNVD-2022-78859

HistoryNov 18, 2022 - 12:00 a.m.

FreeRDP path traversal vulnerability

2022-11-1800:00:00

China National Vulnerability Database

www.cnvd.org.cn

6

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

FreeRDP is an open source implementation of the Remote Desktop Protocol (RDP) from the FreeRDP team. FreeRDP is vulnerable to a path traversal vulnerability that stems from a lack of path normalization and basic path checking for the “drive” channel. An attacker could use this vulnerability to read files outside of the shared directory.

CPENameOperatorVersion
freerdp freerdplt2.9.0

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Related for CNVD-2022-78859

ubuntucve1 debiancve1 veracode1 osv5 prion1 alpinelinux1 redhatcve1 cve1 nessus18 openvas10 mageia1 altlinux1 redos1 slackware1 fedora2 freebsd1 ubuntu1 redhat2 amazon1 oraclelinux2 almalinux2 debian1 gentoo1