CVE-2022-23613 (severity: HIGH)

CVE-2022-23613: Privilege escalation on xrdp

Vendor Neutrinolabs
Product xrdp
Weakness CWE-191
Published February 7, 2022
Last update April 23, 2025

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

xrdp is an open source remote desktop protocol (RDP) server. In affected versions, an integer underflow leading to a heap overflow in the sesman server allows any unauthenticated attacker who is able to locally access a sesman server to execute code as root. This vulnerability has been patched in version 0.9.18.1 and above. Users are advised to upgrade. There are no known workarounds.

Disclosure timeline

February 7, 2022 CVE published
April 23, 2025 Record updated