How severe is CVE-2020-4044?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2020-4044?

This is classified as CWE-121, which is a common weakness in software security.

CVE-2020-4044

HIGH Year: 2020

CVSS v3 Score

7.8

High

CVSS v2 Score

4.6

Medium

Weakness Type

CWE-121

View all →

Vulnerability Description

The xrdp-sesman service before version 0.9.13.1 can be crashed by connecting over port 3350 and supplying a malicious payload. Once the xrdp-sesman process is dead, an unprivileged attacker on the server could then proceed to start their own imposter sesman service listening on port 3350. This will allow them to capture any user credentials that are submitted to XRDP and approve or reject arbitrary login credentials. For xorgxrdp sessions in particular, this allows an unauthorized user to hijack an existing session. This is a buffer overflow attack, so there may be a risk of arbitrary code execution as well.

CVE-2014-8184

HIGH

CVSS:7.8(High)

A vulnerability was found in liblouis, versions 2.5.x before 2.5.4. A stack-based buffer overflow was found in findTable() in liblouis. An attacker could create a malicious file that would cause appli...

CWE-1212014

CVE-2015-1007

HIGH

CVSS:7.8(High)

A specially crafted configuration file could be used to cause a stack-based buffer overflow condition in the OPCTest.exe, which may allow remote code execution on Opto 22 PAC Project Professional vers...

CWE-1212015

CVE-2017-12188

HIGH

CVSS:7.8(High)

arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested virtualisation is used, does not properly traverse guest pagetable entries to resolve a guest virtual address, which allows L1 guest ...

CWE-1212017

CVE-2017-16739

HIGH

CVSS:7.8(High)

An issue was discovered in WECON Technology LEVI Studio HMI Editor v1.8.29 and prior. Specially-crafted malicious files may be able to cause stack-based buffer overflow vulnerabilities, which may allo...

CWE-1212017

CVE-2017-16751

HIGH

CVSS:7.8(High)

A Stack-based Buffer Overflow issue was discovered in Delta Electronics Delta Industrial Automation Screen Editor, Version 2.00.23.00 or prior. Stack-based buffer overflow vulnerabilities caused by pr...

CWE-1212017

CVE-2018-11463

HIGH

CVSS:7.8(High)

A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions <...

CWE-1212018

CVE-2020-4044

Vulnerability Description

Related Vulnerabilities

CVE-2014-8184

CVE-2015-1007

CVE-2017-12188

CVE-2017-16739

CVE-2017-16751

CVE-2018-11463