redhatcve | Redhat.com | RH:CVE-2022-39282
History: Oct 14, 2022 - 6:29 a.m.

CVE-2022-39282

2022-10-14 06:29:01
redhat.com
access.redhat.com
freerdp
vulnerability
remote access
sensitive information
unix systems
parallel command line switch

CVSS3: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS: 0.002
Percentile: 61.8%

A vulnerability was found in FreeRDP: clients on UNIX systems that use the /parallel command line switch might read uninitialized data and send it to the server the client is connected to. The vulnerability allows a remote attacker to gain access to sensitive information.

Mitigation

Workaround: Do not use parallel port redirection (the /parallel command line switch).
