Search criteria
9 vulnerabilities found for graphics_agent by teradici
FKIE_CVE-2020-13179
Vulnerability from fkie_nvd - Published: 2020-08-11 19:15 - Updated: 2024-11-21 05:00
Severity ?
Summary
Broker Protocol messages in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to 20.04.1 are not cleaned up in server memory, which may allow an attacker to read confidential information from a memory dump via forcing a crashing during the single sign-on procedure.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| teradici | graphics_agent | * | |
| teradici | pcoip_standard_agent | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:teradici:graphics_agent:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "14D4B030-1438-47EC-AA0A-1E74CFFA34E3",
"versionEndExcluding": "20.04.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teradici:pcoip_standard_agent:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "C746FBCC-92C4-40BA-9C88-0C9FD3494932",
"versionEndExcluding": "20.04.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Broker Protocol messages in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to 20.04.1 are not cleaned up in server memory, which may allow an attacker to read confidential information from a memory dump via forcing a crashing during the single sign-on procedure."
},
{
"lang": "es",
"value": "Los mensajes de Broker Protocol en Teradici PCoIP Standard Agent para Windows y Graphics Agent para Windows versiones anteriores a la 20.04.1, no son limpiados en la memoria del servidor, lo que puede permitir a un atacante leer informaci\u00f3n confidencial de un volcado de memoria forzando un bloqueo durante el procedimiento inicio de sesi\u00f3n \u00fanico"
}
],
"id": "CVE-2020-13179",
"lastModified": "2024-11-21T05:00:48.907",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-11T19:15:17.313",
"references": [
{
"source": "security@teradici.com",
"tags": [
"Vendor Advisory"
],
"url": "https://advisory.teradici.com/security-advisories/60/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://advisory.teradici.com/security-advisories/60/"
}
],
"sourceIdentifier": "security@teradici.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security@teradici.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-212"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-13178
Vulnerability from fkie_nvd - Published: 2020-08-11 18:15 - Updated: 2024-11-21 05:00
Severity ?
Summary
A function in the Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to version 20.04.1 does not properly validate the signature of an external binary, which could allow an attacker to gain elevated privileges via execution in the context of the PCoIP Agent process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| teradici | graphics_agent | * | |
| teradici | pcoip_standard_agent | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:teradici:graphics_agent:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "14D4B030-1438-47EC-AA0A-1E74CFFA34E3",
"versionEndExcluding": "20.04.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teradici:pcoip_standard_agent:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "C746FBCC-92C4-40BA-9C88-0C9FD3494932",
"versionEndExcluding": "20.04.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A function in the Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to version 20.04.1 does not properly validate the signature of an external binary, which could allow an attacker to gain elevated privileges via execution in the context of the PCoIP Agent process."
},
{
"lang": "es",
"value": "Una funci\u00f3n en el Teradici PCoIP Standard Agent para Windows y el Graphics Agent para Windows anterior a la versi\u00f3n 20.04.1, no comprueba correctamente la firma de un binario externo, lo que podr\u00eda permitir a un atacante alcanzar privilegios elevados mediante una ejecuci\u00f3n en el contexto del proceso de PCoIP Agent"
}
],
"id": "CVE-2020-13178",
"lastModified": "2024-11-21T05:00:48.797",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-11T18:15:12.800",
"references": [
{
"source": "security@teradici.com",
"tags": [
"Vendor Advisory"
],
"url": "https://advisory.teradici.com/security-advisories/60/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://advisory.teradici.com/security-advisories/60/"
}
],
"sourceIdentifier": "security@teradici.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-345"
}
],
"source": "security@teradici.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-345"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-13177
Vulnerability from fkie_nvd - Published: 2020-08-11 18:15 - Updated: 2024-11-21 05:00
Severity ?
Summary
The support bundler in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows versions prior to 20.04.1 and 20.07.0 does not use hard coded paths for certain Windows binaries, which allows an attacker to gain elevated privileges via execution of a malicious binary placed in the system path.
References
| URL | Tags | ||
|---|---|---|---|
| security@teradici.com | https://advisory.teradici.com/security-advisories/60/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://advisory.teradici.com/security-advisories/60/ | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| teradici | graphics_agent | * | |
| teradici | pcoip_standard_agent | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:teradici:graphics_agent:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "14D4B030-1438-47EC-AA0A-1E74CFFA34E3",
"versionEndExcluding": "20.04.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teradici:pcoip_standard_agent:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "C746FBCC-92C4-40BA-9C88-0C9FD3494932",
"versionEndExcluding": "20.04.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The support bundler in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows versions prior to 20.04.1 and 20.07.0 does not use hard coded paths for certain Windows binaries, which allows an attacker to gain elevated privileges via execution of a malicious binary placed in the system path."
},
{
"lang": "es",
"value": "El paquete de soporte en Teradici PCoIP Standard Agent para Windows y Graphics Agent para Windows versiones anteriores a 20.04.1 y 20.07.0, no usa rutas embebidas para determinados binarios de Windows, lo que permite a un atacante alcanzar privilegios elevados mediante una ejecuci\u00f3n de un binario malicioso colocado en la ruta del sistema"
}
],
"id": "CVE-2020-13177",
"lastModified": "2024-11-21T05:00:48.640",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-11T18:15:12.677",
"references": [
{
"source": "security@teradici.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://advisory.teradici.com/security-advisories/60/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://advisory.teradici.com/security-advisories/60/"
}
],
"sourceIdentifier": "security@teradici.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "security@teradici.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2020-13179 (GCVE-0-2020-13179)
Vulnerability from cvelistv5 – Published: 2020-08-11 18:06 – Updated: 2024-08-04 12:11
VLAI?
Summary
Broker Protocol messages in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to 20.04.1 are not cleaned up in server memory, which may allow an attacker to read confidential information from a memory dump via forcing a crashing during the single sign-on procedure.
Severity ?
No CVSS data available.
CWE
- CWE-200 - Exposure of Sensitive Information (CWE-200)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | - PCoIP Standard Agent for Windows - PCoIP Graphics Agent for Windows |
Affected:
PCoIP Standard Agent for Windows 20.04 and earlier, PCoIP Graphics Agent for Windows 20.04 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:11:19.479Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://advisory.teradici.com/security-advisories/60/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "- PCoIP Standard Agent for Windows - PCoIP Graphics Agent for Windows",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "PCoIP Standard Agent for Windows 20.04 and earlier, PCoIP Graphics Agent for Windows 20.04 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Broker Protocol messages in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to 20.04.1 are not cleaned up in server memory, which may allow an attacker to read confidential information from a memory dump via forcing a crashing during the single sign-on procedure."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Exposure of Sensitive Information (CWE-200)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-11T18:06:27",
"orgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"shortName": "Teradici"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://advisory.teradici.com/security-advisories/60/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@teradici.com",
"ID": "CVE-2020-13179",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "- PCoIP Standard Agent for Windows - PCoIP Graphics Agent for Windows",
"version": {
"version_data": [
{
"version_value": "PCoIP Standard Agent for Windows 20.04 and earlier, PCoIP Graphics Agent for Windows 20.04 and earlier"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Broker Protocol messages in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to 20.04.1 are not cleaned up in server memory, which may allow an attacker to read confidential information from a memory dump via forcing a crashing during the single sign-on procedure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Exposure of Sensitive Information (CWE-200)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://advisory.teradici.com/security-advisories/60/",
"refsource": "MISC",
"url": "https://advisory.teradici.com/security-advisories/60/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"assignerShortName": "Teradici",
"cveId": "CVE-2020-13179",
"datePublished": "2020-08-11T18:06:27",
"dateReserved": "2020-05-19T00:00:00",
"dateUpdated": "2024-08-04T12:11:19.479Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13178 (GCVE-0-2020-13178)
Vulnerability from cvelistv5 – Published: 2020-08-11 17:50 – Updated: 2024-08-04 12:11
VLAI?
Summary
A function in the Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to version 20.04.1 does not properly validate the signature of an external binary, which could allow an attacker to gain elevated privileges via execution in the context of the PCoIP Agent process.
Severity ?
No CVSS data available.
CWE
- CWE-345 - Insufficient Verification of Data Authenticity (CWE-345)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | - PCoIP Standard Agent for Windows - PCoIP Graphics Agent for Windows |
Affected:
PCoIP Standard Agent for Windows 20.04.0 and earlier, PCoIP Graphics Agent for Windows 20.04.0 and earlier.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:11:19.416Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://advisory.teradici.com/security-advisories/60/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "- PCoIP Standard Agent for Windows - PCoIP Graphics Agent for Windows",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "PCoIP Standard Agent for Windows 20.04.0 and earlier, PCoIP Graphics Agent for Windows 20.04.0 and earlier."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A function in the Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to version 20.04.1 does not properly validate the signature of an external binary, which could allow an attacker to gain elevated privileges via execution in the context of the PCoIP Agent process."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "Insufficient Verification of Data Authenticity (CWE-345)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-11T17:50:43",
"orgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"shortName": "Teradici"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://advisory.teradici.com/security-advisories/60/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@teradici.com",
"ID": "CVE-2020-13178",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "- PCoIP Standard Agent for Windows - PCoIP Graphics Agent for Windows",
"version": {
"version_data": [
{
"version_value": "PCoIP Standard Agent for Windows 20.04.0 and earlier, PCoIP Graphics Agent for Windows 20.04.0 and earlier."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A function in the Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to version 20.04.1 does not properly validate the signature of an external binary, which could allow an attacker to gain elevated privileges via execution in the context of the PCoIP Agent process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficient Verification of Data Authenticity (CWE-345)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://advisory.teradici.com/security-advisories/60/",
"refsource": "MISC",
"url": "https://advisory.teradici.com/security-advisories/60/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"assignerShortName": "Teradici",
"cveId": "CVE-2020-13178",
"datePublished": "2020-08-11T17:50:43",
"dateReserved": "2020-05-19T00:00:00",
"dateUpdated": "2024-08-04T12:11:19.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13177 (GCVE-0-2020-13177)
Vulnerability from cvelistv5 – Published: 2020-08-11 17:47 – Updated: 2024-08-04 12:11
VLAI?
Summary
The support bundler in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows versions prior to 20.04.1 and 20.07.0 does not use hard coded paths for certain Windows binaries, which allows an attacker to gain elevated privileges via execution of a malicious binary placed in the system path.
Severity ?
No CVSS data available.
CWE
- CWE-427 - Uncontrolled Search Path Element (CWE-427)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | - PCoIP Standard Agent for Windows - PCoIP Graphics Agent for Windows |
Affected:
PCoIP Standard Agent for Windows 20.04.0 and earlier, PCoIP Graphics Agent for Windows 20.04.0 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:11:19.387Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://advisory.teradici.com/security-advisories/60/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "- PCoIP Standard Agent for Windows - PCoIP Graphics Agent for Windows",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "PCoIP Standard Agent for Windows 20.04.0 and earlier, PCoIP Graphics Agent for Windows 20.04.0 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The support bundler in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows versions prior to 20.04.1 and 20.07.0 does not use hard coded paths for certain Windows binaries, which allows an attacker to gain elevated privileges via execution of a malicious binary placed in the system path."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "Uncontrolled Search Path Element (CWE-427)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-11T17:47:23",
"orgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"shortName": "Teradici"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://advisory.teradici.com/security-advisories/60/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@teradici.com",
"ID": "CVE-2020-13177",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "- PCoIP Standard Agent for Windows - PCoIP Graphics Agent for Windows",
"version": {
"version_data": [
{
"version_value": "PCoIP Standard Agent for Windows 20.04.0 and earlier, PCoIP Graphics Agent for Windows 20.04.0 and earlier"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The support bundler in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows versions prior to 20.04.1 and 20.07.0 does not use hard coded paths for certain Windows binaries, which allows an attacker to gain elevated privileges via execution of a malicious binary placed in the system path."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Uncontrolled Search Path Element (CWE-427)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://advisory.teradici.com/security-advisories/60/",
"refsource": "MISC",
"url": "https://advisory.teradici.com/security-advisories/60/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"assignerShortName": "Teradici",
"cveId": "CVE-2020-13177",
"datePublished": "2020-08-11T17:47:23",
"dateReserved": "2020-05-19T00:00:00",
"dateUpdated": "2024-08-04T12:11:19.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13179 (GCVE-0-2020-13179)
Vulnerability from nvd – Published: 2020-08-11 18:06 – Updated: 2024-08-04 12:11
VLAI?
Summary
Broker Protocol messages in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to 20.04.1 are not cleaned up in server memory, which may allow an attacker to read confidential information from a memory dump via forcing a crashing during the single sign-on procedure.
Severity ?
No CVSS data available.
CWE
- CWE-200 - Exposure of Sensitive Information (CWE-200)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | - PCoIP Standard Agent for Windows - PCoIP Graphics Agent for Windows |
Affected:
PCoIP Standard Agent for Windows 20.04 and earlier, PCoIP Graphics Agent for Windows 20.04 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:11:19.479Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://advisory.teradici.com/security-advisories/60/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "- PCoIP Standard Agent for Windows - PCoIP Graphics Agent for Windows",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "PCoIP Standard Agent for Windows 20.04 and earlier, PCoIP Graphics Agent for Windows 20.04 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Broker Protocol messages in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to 20.04.1 are not cleaned up in server memory, which may allow an attacker to read confidential information from a memory dump via forcing a crashing during the single sign-on procedure."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Exposure of Sensitive Information (CWE-200)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-11T18:06:27",
"orgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"shortName": "Teradici"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://advisory.teradici.com/security-advisories/60/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@teradici.com",
"ID": "CVE-2020-13179",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "- PCoIP Standard Agent for Windows - PCoIP Graphics Agent for Windows",
"version": {
"version_data": [
{
"version_value": "PCoIP Standard Agent for Windows 20.04 and earlier, PCoIP Graphics Agent for Windows 20.04 and earlier"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Broker Protocol messages in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to 20.04.1 are not cleaned up in server memory, which may allow an attacker to read confidential information from a memory dump via forcing a crashing during the single sign-on procedure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Exposure of Sensitive Information (CWE-200)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://advisory.teradici.com/security-advisories/60/",
"refsource": "MISC",
"url": "https://advisory.teradici.com/security-advisories/60/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"assignerShortName": "Teradici",
"cveId": "CVE-2020-13179",
"datePublished": "2020-08-11T18:06:27",
"dateReserved": "2020-05-19T00:00:00",
"dateUpdated": "2024-08-04T12:11:19.479Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13178 (GCVE-0-2020-13178)
Vulnerability from nvd – Published: 2020-08-11 17:50 – Updated: 2024-08-04 12:11
VLAI?
Summary
A function in the Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to version 20.04.1 does not properly validate the signature of an external binary, which could allow an attacker to gain elevated privileges via execution in the context of the PCoIP Agent process.
Severity ?
No CVSS data available.
CWE
- CWE-345 - Insufficient Verification of Data Authenticity (CWE-345)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | - PCoIP Standard Agent for Windows - PCoIP Graphics Agent for Windows |
Affected:
PCoIP Standard Agent for Windows 20.04.0 and earlier, PCoIP Graphics Agent for Windows 20.04.0 and earlier.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:11:19.416Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://advisory.teradici.com/security-advisories/60/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "- PCoIP Standard Agent for Windows - PCoIP Graphics Agent for Windows",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "PCoIP Standard Agent for Windows 20.04.0 and earlier, PCoIP Graphics Agent for Windows 20.04.0 and earlier."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A function in the Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to version 20.04.1 does not properly validate the signature of an external binary, which could allow an attacker to gain elevated privileges via execution in the context of the PCoIP Agent process."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "Insufficient Verification of Data Authenticity (CWE-345)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-11T17:50:43",
"orgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"shortName": "Teradici"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://advisory.teradici.com/security-advisories/60/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@teradici.com",
"ID": "CVE-2020-13178",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "- PCoIP Standard Agent for Windows - PCoIP Graphics Agent for Windows",
"version": {
"version_data": [
{
"version_value": "PCoIP Standard Agent for Windows 20.04.0 and earlier, PCoIP Graphics Agent for Windows 20.04.0 and earlier."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A function in the Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to version 20.04.1 does not properly validate the signature of an external binary, which could allow an attacker to gain elevated privileges via execution in the context of the PCoIP Agent process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficient Verification of Data Authenticity (CWE-345)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://advisory.teradici.com/security-advisories/60/",
"refsource": "MISC",
"url": "https://advisory.teradici.com/security-advisories/60/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"assignerShortName": "Teradici",
"cveId": "CVE-2020-13178",
"datePublished": "2020-08-11T17:50:43",
"dateReserved": "2020-05-19T00:00:00",
"dateUpdated": "2024-08-04T12:11:19.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13177 (GCVE-0-2020-13177)
Vulnerability from nvd – Published: 2020-08-11 17:47 – Updated: 2024-08-04 12:11
VLAI?
Summary
The support bundler in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows versions prior to 20.04.1 and 20.07.0 does not use hard coded paths for certain Windows binaries, which allows an attacker to gain elevated privileges via execution of a malicious binary placed in the system path.
Severity ?
No CVSS data available.
CWE
- CWE-427 - Uncontrolled Search Path Element (CWE-427)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | - PCoIP Standard Agent for Windows - PCoIP Graphics Agent for Windows |
Affected:
PCoIP Standard Agent for Windows 20.04.0 and earlier, PCoIP Graphics Agent for Windows 20.04.0 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:11:19.387Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://advisory.teradici.com/security-advisories/60/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "- PCoIP Standard Agent for Windows - PCoIP Graphics Agent for Windows",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "PCoIP Standard Agent for Windows 20.04.0 and earlier, PCoIP Graphics Agent for Windows 20.04.0 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The support bundler in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows versions prior to 20.04.1 and 20.07.0 does not use hard coded paths for certain Windows binaries, which allows an attacker to gain elevated privileges via execution of a malicious binary placed in the system path."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "Uncontrolled Search Path Element (CWE-427)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-11T17:47:23",
"orgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"shortName": "Teradici"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://advisory.teradici.com/security-advisories/60/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@teradici.com",
"ID": "CVE-2020-13177",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "- PCoIP Standard Agent for Windows - PCoIP Graphics Agent for Windows",
"version": {
"version_data": [
{
"version_value": "PCoIP Standard Agent for Windows 20.04.0 and earlier, PCoIP Graphics Agent for Windows 20.04.0 and earlier"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The support bundler in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows versions prior to 20.04.1 and 20.07.0 does not use hard coded paths for certain Windows binaries, which allows an attacker to gain elevated privileges via execution of a malicious binary placed in the system path."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Uncontrolled Search Path Element (CWE-427)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://advisory.teradici.com/security-advisories/60/",
"refsource": "MISC",
"url": "https://advisory.teradici.com/security-advisories/60/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"assignerShortName": "Teradici",
"cveId": "CVE-2020-13177",
"datePublished": "2020-08-11T17:47:23",
"dateReserved": "2020-05-19T00:00:00",
"dateUpdated": "2024-08-04T12:11:19.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}