9 critical flaws in FreeRDP allow reading messages on Android phones remotely

Security testing course specialists report finding at least nine security vulnerabilities in FreeRDP, a free implementation of the Remote Desktop Protocol (RDP) released under the Apache license. According to the report, successful exploitation of these flaws could lead to out-of-bounds reads and use-after-free conditions, among other scenarios.

Below is a brief description of the reported flaws, together with their CVE identifiers and their scores under the Common Vulnerability Scoring System (CVSS).

CVE-2020-4030: A boundary condition in TrioParse would allow remote hackers to gain access to potentially sensitive information on attacked systems. The flaw received a score of 6.5/10.

CVE-2020-11099: A boundary condition in “license_read_new_or_upgrade_license_packet” would allow remote hackers to gain access to potentially sensitive information on the target system. The flaw received a score of 6.5/10.

CVE-2020-11098: A boundary condition in “glyph_cache_put” when the “+glyph-cache” option is enabled allows remote hackers to access sensitive information from the target system. This flaw received a score of 6.5/10.

CVE-2020-11097: This flaw exists due to a boundary condition in “ntlm_av_pair_get”, allowing remote hackers to gain access to the system. The vulnerability received a score of 6.5/10.

CVE-2020-11096: A boundary condition in “update_read_cache_bitmap_v3_order” allows hackers to gain remote access to the target network. Security testing course specialists gave this vulnerability a score of 6.5/10.

CVE-2020-11095: A boundary condition in “update_recv_primary_order” allows hackers to gain remote access to user information. The vulnerability received a score of 6.5/10.

CVE-2020-4033: The vulnerability exists due to a boundary condition in RLEDECOMPRESS, allowing a remote attacker to gain access to potentially sensitive information. The vulnerability received a score of 6.5/10.

CVE-2020-4032: An integer conversion problem in “update_recv_secondary_order” allows remote hackers to obtain sensitive information on the target system. The flaw received a score of 6.5/10, security testing course experts mentioned.

CVE-2020-4031: The vulnerability exists due to a use-after-free flaw in “gdi_SelectObject” when using /relax-order-checks compatibility mode. A remote hacker could execute arbitrary code on the target system.

While these flaws can be exploited remotely by unauthenticated hackers, no exploitation attempts have been reported in real-world scenarios so far. According to the International Institute of Cyber Security (IICS), no malware variant linked to the exploitation of these vulnerabilities has been detected either.

FreeRDP developers began working on fixes for these flaws immediately after receiving the report. Updates are now available, so users only need to verify that their installations have been updated.