cbcvebase.
CVE-2021-36158
published 2021-07-05

CVE-2021-36158: In the xrdp package (in branches through 3.14) for Alpine Linux, RDP sessions are vulnerable to man-in-the-middle attacks because pre-generated RSA…

PriorityP425medium5.9CVSS 3.1
AVNACHPRNUINSUCHINAN
EPSS
0.35%
26.6th percentile
In the xrdp package (in branches through 3.14) for Alpine Linux, RDP sessions are vulnerable to man-in-the-middle attacks because pre-generated RSA certificates and private keys are used.

Affected

5 ranges
VendorProductVersion rangeFixed in
alpinelinuxaports<= 3.14
debianxrdp
linuxlinux_kernel>= 0 < 4.15.0-137.1414.15.0-137.141
linuxlinux_kernel>= 0 < 5.4.0-67.755.4.0-67.75
neutrinolabsxrdp>= 0 < 0.9.11-r10.9.11-r1

CVSS provenance

nvdv3.15.9MEDIUMCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:P/I:N/A:N
osv6.7MEDIUM
vendor_debian5.9LOW
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.