CVE-2023-40184

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Aug 30, 2023
Updated: Sep 15, 2023
CWE ID 755

Summary

CVE-2023-40184 is a vulnerability affecting xrdp, the open source remote desktop protocol server, before version 0.9.23. The issue is improper handling of session establishment errors (CWE-755), which allows OS-level session restrictions to be bypassed. Specifically, the `auth_start_session` function may return a non-zero value on PAM errors, potentially circumventing limits configured through PAM, such as those in /etc/security/limits.conf. Users who do not rely on PAM-enforced restrictions are not affected. To mitigate this risk, it is strongly recommended that users upgrade to version 0.9.23. There are currently no known workarounds for this vulnerability.

