CVE-2023-40184
published 2023-08-30


CVSS 3.1: 6.5 (medium)
EPSS: 0.73% (49.6th percentile)
xrdp is an open source remote desktop protocol (RDP) server. In versions prior to 0.9.23, improper handling of session establishment errors allows bypassing OS-level session restrictions. The `auth_start_session` function can return a non-zero value (1) on, for example, a PAM error, which may result in session restrictions enforced by PAM, such as the maximum number of concurrent sessions per user (e.g. /etc/security/limits.conf), being bypassed. Users (administrators) who do not use PAM restrictions are not affected. This issue has been addressed in release version 0.9.23. Users are advised to upgrade. There are no known workarounds for this issue.

Affected

12 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | xrdp | < xrdp 0.9.21.1-1+deb12u1 (bookworm) | xrdp 0.9.21.1-1+deb12u1 (bookworm) |
| neutrinolabs | xrdp | < 0.9.23 | 0.9.23 |
| neutrinolabs | xrdp | >= 0, < 0.9.21.1-1~deb11u2 | 0.9.21.1-1~deb11u2 |
| neutrinolabs | xrdp | >= 0, < 0.9.21.1-1+deb12u1 | 0.9.21.1-1+deb12u1 |
| neutrinolabs | xrdp | >= 0, < 0.9.24-2 | 0.9.24-2 |
| neutrinolabs | xrdp | >= 0, < 0.9.24-2 | 0.9.24-2 |
| neutrinolabs | xrdp | >= 0, < 0.6.0-1ubuntu0.1+esm3 | 0.6.0-1ubuntu0.1+esm3 |
| neutrinolabs | xrdp | >= 0, < 0.6.1-2ubuntu0.3+esm3 | 0.6.1-2ubuntu0.3+esm3 |
| neutrinolabs | xrdp | >= 0, < 0.9.5-2ubuntu0.1~esm2 | 0.9.5-2ubuntu0.1~esm2 |
| neutrinolabs | xrdp | >= 0, < 0.9.12-1ubuntu0.1+esm1 | 0.9.12-1ubuntu0.1+esm1 |
| neutrinolabs | xrdp | >= 0, < 0.9.17-2ubuntu2+esm1 | 0.9.17-2ubuntu2+esm1 |
| ubuntu | xrdp | (not specified) | (not specified) |

CVSS provenance

| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| osv | | 9.8 | CRITICAL | |
| vendor_ubuntu | | 6.5 | MEDIUM | |
| vendor_debian | | 2.6 | LOW | |