Lucene search

K
redhatcveRedhat.comRH:CVE-2022-39283
HistoryOct 14, 2022 - 6:29 a.m.

CVE-2022-39283

2022-10-1406:29:09
redhat.com
access.redhat.com
41
freerdp
vulnerability
information disclosure

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

57.4%

A vulnerability was found in FreeRDP where all clients using the /video command line switch might read uninitialized data, decode it as audio/video and display the result, leading to information disclosure.

Mitigation

Workaround: Do not use the /video switch

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

57.4%