CVE-2022-39347

Missing path sanitation with `drive` channel in FreeRDP

Severity Score

5.7

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing path canonicalization and base path check for `drive` channel. A malicious server can trick a FreeRDP based client to read files outside the shared directory. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the `/drive`, `/drives` or `+home-drive` redirection switch.

FreeRDP es una librería y clientes de protocolos de escritorio remoto gratuitos. A las versiones afectadas de FreeRDP les falta la canonicalización de ruta y la verificación de ruta base para el canal `drive`. Un servidor malicioso puede engañar a un cliente basado en FreeRDP para que lea archivos fuera del directorio compartido. Este problema se solucionó en la versión 2.9.0 y se recomienda a todos los usuarios que actualicen. Los usuarios que no puedan actualizar no deben usar el interruptor de redirección `/drive`, `/drives` o `+home-drive`.

A directory traversal issue was discovered in FreeRDP. The vulnerability exists due to missing path canonicalization and base path check for the drive channel. A malicious server can trick a FreeRDP based client to read files outside of the shared directory. This issue allows an attacker to gain access to sensitive information.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-09-02 CVE Reserved
2022-11-16 CVE Published
2024-06-08 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CAPEC

References (8)

URL	Tag	Source
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c5xq-8v35-pffg	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/11/msg00010.html	Mailing List

URL	Date	SRC

URL	Date	SRC
https://github.com/FreeRDP/FreeRDP/commit/027424c2c6c0991cb9c22f9511478229c9b17e5d	2024-01-12

URL	Date	SRC
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDOTAOJBCZKREZJPT6VZ25GESI5T6RBG	2024-01-12
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGQN3OWQNHSMWKOF4D35PF5ASKNLC74B	2024-01-12
https://security.gentoo.org/glsa/202401-16	2024-01-12
https://access.redhat.com/security/cve/CVE-2022-39347	2023-05-16
https://bugzilla.redhat.com/show_bug.cgi?id=2143647	2023-05-16

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Freerdp Search vendor "Freerdp"		Freerdp Search vendor "Freerdp" for product "Freerdp"				< 2.9.0 Search vendor "Freerdp" for product "Freerdp" and version " < 2.9.0"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				36 Search vendor "Fedoraproject" for product "Fedora" and version "36"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				37 Search vendor "Fedoraproject" for product "Fedora" and version "37"		-		Affected