Specialists in a cyber security course have revealed the discovery of at least three critical security vulnerabilities in FreeRDP, a free Remote Desktop Protocol library. According to the report, successful exploitation of these security flaws would allow the deployment of various malicious scenarios, such as reading or writing out of bounds.
Below is a brief overview of the three reported security flaws, along with their respective score and identification key in the Common Vulnerability Scoring System (CVSS).
CVE-2020-13398: This flaw exists due to a limit error processing unreliable entries within the crypto_rsa_common() function in libfreerdp/crypto/crypto.c. Remote threat actors could send specially designed data to the vulnerable application, enable out-of-bounds writing, and execute arbitrary code on the target system.
The fault can be exploited remotely, so it received a score of 7.7/10 on the CVSS scale, making it a severe vulnerability. The flaw is present in FreeRDP version 2.1.0.
CVE-2020-13396: This vulnerability allows threat actors to gain access to sensitive information on the compromised system. The flaw exists due to a limit condition in winpr/libwinpr/sspi/NTLM/ntlm_message.c. Remote hackers can trigger an out-of-bounds read flaw using a specially designed authentication message to access memory content.
According to the experts of the cyber security course, the flaw received a score of 3.8/10 on the CVSS scale, so it is considered a low severity vulnerability; the flaw is present in FreeRDP version 2.1.0.
CVE-2020-13397: This flaw exists due to a boundary condition within security_fips_decrypt in libfreerdp/core/security.c, and its exploitation would allow malicious hackers to gain access to sensitive information on the target system.
The vulnerability is also present in FreeRDP version 2.1.0 and received a score of 3.8/10 on the CVSS scale, so it is considered a low severity flaw, cyber security course experts mentioned.
While these vulnerabilities can be exploited remotely by unauthenticated users, their exploitation in real-world scenarios is complex, and no useful exploit has been reported to deploy any of these attacks, although this does not mean that companies should ignore such risks, the International Institute of Cyber Security (IICS) mentions.
In the case of these three vulnerabilities, FreeRDP developers have not yet commented on this, although they have already been notified. Although these are not particularly dangerous vulnerabilities, the next protocol update is expected to include some security fixes.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.