CVE-2022-24882
Summary
| CVE | CVE-2022-24882 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-04-26 16:15:00 UTC |
| Updated | 2023-11-07 03:44:00 UTC |
| Description | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides an empty password value. This issue affects FreeRDP-based RDP Server implementations. RDP clients are not affected. The vulnerability is patched in FreeRDP 2.7.0. There are currently no known workarounds. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Fedoraproject | Extra Packages For Enterprise Linux | 8.0 | All | All | All |
| Operating System | Fedoraproject | Fedora | 34 | All | All | All |
| Operating System | Fedoraproject | Fedora | 35 | All | All | All |
| Operating System | Fedoraproject | Fedora | 36 | All | All | All |
| Application | Freerdp | Freerdp | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [SECURITY] Fedora 36 Update: freerdp-2.7.0-1.fc36 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| FreeRDP: Multiple Vulnerabilities (GLSA 202210-24) — Gentoo security | GENTOO | security.gentoo.org | |
| Can open a rdp session without username and password (#95) · Issues · GNOME / gnome-remote-desktop · GitLab | MISC | gitlab.gnome.org | |
| [SECURITY] Fedora 35 Update: freerdp-2.7.0-1.fc35 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 34 Update: freerdp-2.7.0-1.fc34 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| Server side NTLM does not properly check parameters · Advisory · FreeRDP/FreeRDP · GitHub | CONFIRM | github.com | |
| Release Release 2.7.0 · FreeRDP/FreeRDP · GitHub | MISC | github.com | |
| Ntlm backport by akallabeth · Pull Request #7750 · FreeRDP/FreeRDP · GitHub | MISC | github.com | |
| [SECURITY] Fedora 36 Update: freerdp-2.7.0-1.fc36 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 35 Update: freerdp-2.7.0-1.fc35 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| [SECURITY] Fedora 34 Update: freerdp-2.7.0-1.fc34 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 182288 Debian Security Update for freerdp2 (CVE-2022-24882)
- 198818 Ubuntu Security Notification for FreeRDP Vulnerabilities (USN-5461-1)
- 282672 Fedora Security Update for freerdp (FEDORA-2022-b0a47f8060)
- 282673 Fedora Security Update for freerdp (FEDORA-2022-a3e03a200b)
- 282727 Fedora Security Update for freerdp (FEDORA-2022-dc48a89918)
- 710666 Gentoo Linux FreeRDP Multiple Vulnerabilities (GLSA 202210-24)
- 752334 SUSE Enterprise Linux Security Update for freerdp (SUSE-SU-2022:2352-1)
- 753105 SUSE Enterprise Linux Security Update for freerdp (SUSE-SU-2022:2353-1)
- 753200 SUSE Enterprise Linux Security Update for freerdp (SUSE-SU-2022:2354-1)