Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    6 vulnerabilities found for graphics_agent by teradici

    CVE-2020-13179 (GCVE-0-2020-13179)

    Vulnerability from cvelistv5 – Published: 2020-08-11 18:06 – Updated: 2024-08-04 12:11
    VLAI
    Summary
    Broker Protocol messages in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to 20.04.1 are not cleaned up in server memory, which may allow an attacker to read confidential information from a memory dump via forcing a crashing during the single sign-on procedure.
    Severity
    No CVSS data available.
    CWE
    • CWE-200 - Exposure of Sensitive Information (CWE-200)
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a - PCoIP Standard Agent for Windows - PCoIP Graphics Agent for Windows Affected: PCoIP Standard Agent for Windows 20.04 and earlier, PCoIP Graphics Agent for Windows 20.04 and earlier
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T12:11:19.479Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://advisory.teradici.com/security-advisories/60/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "- PCoIP Standard Agent for Windows - PCoIP Graphics Agent for Windows",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "PCoIP Standard Agent for Windows 20.04 and earlier, PCoIP Graphics Agent for Windows 20.04 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Broker Protocol messages in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to 20.04.1 are not cleaned up in server memory, which may allow an attacker to read confidential information from a memory dump via forcing a crashing during the single sign-on procedure."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "Exposure of Sensitive Information (CWE-200)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-08-11T18:06:27.000Z",
            "orgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
            "shortName": "Teradici"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://advisory.teradici.com/security-advisories/60/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@teradici.com",
              "ID": "CVE-2020-13179",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "- PCoIP Standard Agent for Windows - PCoIP Graphics Agent for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "PCoIP Standard Agent for Windows 20.04 and earlier, PCoIP Graphics Agent for Windows 20.04 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Broker Protocol messages in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to 20.04.1 are not cleaned up in server memory, which may allow an attacker to read confidential information from a memory dump via forcing a crashing during the single sign-on procedure."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Exposure of Sensitive Information (CWE-200)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://advisory.teradici.com/security-advisories/60/",
                  "refsource": "MISC",
                  "url": "https://advisory.teradici.com/security-advisories/60/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
        "assignerShortName": "Teradici",
        "cveId": "CVE-2020-13179",
        "datePublished": "2020-08-11T18:06:27.000Z",
        "dateReserved": "2020-05-19T00:00:00.000Z",
        "dateUpdated": "2024-08-04T12:11:19.479Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-13178 (GCVE-0-2020-13178)

    Vulnerability from cvelistv5 – Published: 2020-08-11 17:50 – Updated: 2024-08-04 12:11
    VLAI
    Summary
    A function in the Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to version 20.04.1 does not properly validate the signature of an external binary, which could allow an attacker to gain elevated privileges via execution in the context of the PCoIP Agent process.
    Severity
    No CVSS data available.
    CWE
    • CWE-345 - Insufficient Verification of Data Authenticity (CWE-345)
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a - PCoIP Standard Agent for Windows - PCoIP Graphics Agent for Windows Affected: PCoIP Standard Agent for Windows 20.04.0 and earlier, PCoIP Graphics Agent for Windows 20.04.0 and earlier.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T12:11:19.416Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://advisory.teradici.com/security-advisories/60/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "- PCoIP Standard Agent for Windows - PCoIP Graphics Agent for Windows",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "PCoIP Standard Agent for Windows 20.04.0 and earlier, PCoIP Graphics Agent for Windows 20.04.0 and earlier."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A function in the Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to version 20.04.1 does not properly validate the signature of an external binary, which could allow an attacker to gain elevated privileges via execution in the context of the PCoIP Agent process."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-345",
                  "description": "Insufficient Verification of Data Authenticity (CWE-345)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-08-11T17:50:43.000Z",
            "orgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
            "shortName": "Teradici"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://advisory.teradici.com/security-advisories/60/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@teradici.com",
              "ID": "CVE-2020-13178",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "- PCoIP Standard Agent for Windows - PCoIP Graphics Agent for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "PCoIP Standard Agent for Windows 20.04.0 and earlier, PCoIP Graphics Agent for Windows 20.04.0 and earlier."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A function in the Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to version 20.04.1 does not properly validate the signature of an external binary, which could allow an attacker to gain elevated privileges via execution in the context of the PCoIP Agent process."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Insufficient Verification of Data Authenticity (CWE-345)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://advisory.teradici.com/security-advisories/60/",
                  "refsource": "MISC",
                  "url": "https://advisory.teradici.com/security-advisories/60/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
        "assignerShortName": "Teradici",
        "cveId": "CVE-2020-13178",
        "datePublished": "2020-08-11T17:50:43.000Z",
        "dateReserved": "2020-05-19T00:00:00.000Z",
        "dateUpdated": "2024-08-04T12:11:19.416Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-13177 (GCVE-0-2020-13177)

    Vulnerability from cvelistv5 – Published: 2020-08-11 17:47 – Updated: 2024-08-04 12:11
    VLAI
    Summary
    The support bundler in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows versions prior to 20.04.1 and 20.07.0 does not use hard coded paths for certain Windows binaries, which allows an attacker to gain elevated privileges via execution of a malicious binary placed in the system path.
    Severity
    No CVSS data available.
    CWE
    • CWE-427 - Uncontrolled Search Path Element (CWE-427)
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a - PCoIP Standard Agent for Windows - PCoIP Graphics Agent for Windows Affected: PCoIP Standard Agent for Windows 20.04.0 and earlier, PCoIP Graphics Agent for Windows 20.04.0 and earlier
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T12:11:19.387Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://advisory.teradici.com/security-advisories/60/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "- PCoIP Standard Agent for Windows - PCoIP Graphics Agent for Windows",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "PCoIP Standard Agent for Windows 20.04.0 and earlier, PCoIP Graphics Agent for Windows 20.04.0 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The support bundler in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows versions prior to 20.04.1 and 20.07.0 does not use hard coded paths for certain Windows binaries, which allows an attacker to gain elevated privileges via execution of a malicious binary placed in the system path."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "Uncontrolled Search Path Element (CWE-427)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-08-11T17:47:23.000Z",
            "orgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
            "shortName": "Teradici"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://advisory.teradici.com/security-advisories/60/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@teradici.com",
              "ID": "CVE-2020-13177",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "- PCoIP Standard Agent for Windows - PCoIP Graphics Agent for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "PCoIP Standard Agent for Windows 20.04.0 and earlier, PCoIP Graphics Agent for Windows 20.04.0 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The support bundler in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows versions prior to 20.04.1 and 20.07.0 does not use hard coded paths for certain Windows binaries, which allows an attacker to gain elevated privileges via execution of a malicious binary placed in the system path."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Uncontrolled Search Path Element (CWE-427)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://advisory.teradici.com/security-advisories/60/",
                  "refsource": "MISC",
                  "url": "https://advisory.teradici.com/security-advisories/60/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
        "assignerShortName": "Teradici",
        "cveId": "CVE-2020-13177",
        "datePublished": "2020-08-11T17:47:23.000Z",
        "dateReserved": "2020-05-19T00:00:00.000Z",
        "dateUpdated": "2024-08-04T12:11:19.387Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-13179 (GCVE-0-2020-13179)

    Vulnerability from nvd – Published: 2020-08-11 18:06 – Updated: 2024-08-04 12:11
    VLAI
    Summary
    Broker Protocol messages in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to 20.04.1 are not cleaned up in server memory, which may allow an attacker to read confidential information from a memory dump via forcing a crashing during the single sign-on procedure.
    Severity
    No CVSS data available.
    CWE
    • CWE-200 - Exposure of Sensitive Information (CWE-200)
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a - PCoIP Standard Agent for Windows - PCoIP Graphics Agent for Windows Affected: PCoIP Standard Agent for Windows 20.04 and earlier, PCoIP Graphics Agent for Windows 20.04 and earlier
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T12:11:19.479Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://advisory.teradici.com/security-advisories/60/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "- PCoIP Standard Agent for Windows - PCoIP Graphics Agent for Windows",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "PCoIP Standard Agent for Windows 20.04 and earlier, PCoIP Graphics Agent for Windows 20.04 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Broker Protocol messages in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to 20.04.1 are not cleaned up in server memory, which may allow an attacker to read confidential information from a memory dump via forcing a crashing during the single sign-on procedure."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "Exposure of Sensitive Information (CWE-200)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-08-11T18:06:27.000Z",
            "orgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
            "shortName": "Teradici"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://advisory.teradici.com/security-advisories/60/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@teradici.com",
              "ID": "CVE-2020-13179",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "- PCoIP Standard Agent for Windows - PCoIP Graphics Agent for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "PCoIP Standard Agent for Windows 20.04 and earlier, PCoIP Graphics Agent for Windows 20.04 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Broker Protocol messages in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to 20.04.1 are not cleaned up in server memory, which may allow an attacker to read confidential information from a memory dump via forcing a crashing during the single sign-on procedure."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Exposure of Sensitive Information (CWE-200)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://advisory.teradici.com/security-advisories/60/",
                  "refsource": "MISC",
                  "url": "https://advisory.teradici.com/security-advisories/60/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
        "assignerShortName": "Teradici",
        "cveId": "CVE-2020-13179",
        "datePublished": "2020-08-11T18:06:27.000Z",
        "dateReserved": "2020-05-19T00:00:00.000Z",
        "dateUpdated": "2024-08-04T12:11:19.479Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-13178 (GCVE-0-2020-13178)

    Vulnerability from nvd – Published: 2020-08-11 17:50 – Updated: 2024-08-04 12:11
    VLAI
    Summary
    A function in the Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to version 20.04.1 does not properly validate the signature of an external binary, which could allow an attacker to gain elevated privileges via execution in the context of the PCoIP Agent process.
    Severity
    No CVSS data available.
    CWE
    • CWE-345 - Insufficient Verification of Data Authenticity (CWE-345)
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a - PCoIP Standard Agent for Windows - PCoIP Graphics Agent for Windows Affected: PCoIP Standard Agent for Windows 20.04.0 and earlier, PCoIP Graphics Agent for Windows 20.04.0 and earlier.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T12:11:19.416Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://advisory.teradici.com/security-advisories/60/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "- PCoIP Standard Agent for Windows - PCoIP Graphics Agent for Windows",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "PCoIP Standard Agent for Windows 20.04.0 and earlier, PCoIP Graphics Agent for Windows 20.04.0 and earlier."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A function in the Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to version 20.04.1 does not properly validate the signature of an external binary, which could allow an attacker to gain elevated privileges via execution in the context of the PCoIP Agent process."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-345",
                  "description": "Insufficient Verification of Data Authenticity (CWE-345)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-08-11T17:50:43.000Z",
            "orgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
            "shortName": "Teradici"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://advisory.teradici.com/security-advisories/60/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@teradici.com",
              "ID": "CVE-2020-13178",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "- PCoIP Standard Agent for Windows - PCoIP Graphics Agent for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "PCoIP Standard Agent for Windows 20.04.0 and earlier, PCoIP Graphics Agent for Windows 20.04.0 and earlier."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A function in the Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to version 20.04.1 does not properly validate the signature of an external binary, which could allow an attacker to gain elevated privileges via execution in the context of the PCoIP Agent process."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Insufficient Verification of Data Authenticity (CWE-345)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://advisory.teradici.com/security-advisories/60/",
                  "refsource": "MISC",
                  "url": "https://advisory.teradici.com/security-advisories/60/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
        "assignerShortName": "Teradici",
        "cveId": "CVE-2020-13178",
        "datePublished": "2020-08-11T17:50:43.000Z",
        "dateReserved": "2020-05-19T00:00:00.000Z",
        "dateUpdated": "2024-08-04T12:11:19.416Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-13177 (GCVE-0-2020-13177)

    Vulnerability from nvd – Published: 2020-08-11 17:47 – Updated: 2024-08-04 12:11
    VLAI
    Summary
    The support bundler in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows versions prior to 20.04.1 and 20.07.0 does not use hard coded paths for certain Windows binaries, which allows an attacker to gain elevated privileges via execution of a malicious binary placed in the system path.
    Severity
    No CVSS data available.
    CWE
    • CWE-427 - Uncontrolled Search Path Element (CWE-427)
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a - PCoIP Standard Agent for Windows - PCoIP Graphics Agent for Windows Affected: PCoIP Standard Agent for Windows 20.04.0 and earlier, PCoIP Graphics Agent for Windows 20.04.0 and earlier
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T12:11:19.387Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://advisory.teradici.com/security-advisories/60/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "- PCoIP Standard Agent for Windows - PCoIP Graphics Agent for Windows",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "PCoIP Standard Agent for Windows 20.04.0 and earlier, PCoIP Graphics Agent for Windows 20.04.0 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The support bundler in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows versions prior to 20.04.1 and 20.07.0 does not use hard coded paths for certain Windows binaries, which allows an attacker to gain elevated privileges via execution of a malicious binary placed in the system path."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "Uncontrolled Search Path Element (CWE-427)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-08-11T17:47:23.000Z",
            "orgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
            "shortName": "Teradici"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://advisory.teradici.com/security-advisories/60/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@teradici.com",
              "ID": "CVE-2020-13177",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "- PCoIP Standard Agent for Windows - PCoIP Graphics Agent for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "PCoIP Standard Agent for Windows 20.04.0 and earlier, PCoIP Graphics Agent for Windows 20.04.0 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The support bundler in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows versions prior to 20.04.1 and 20.07.0 does not use hard coded paths for certain Windows binaries, which allows an attacker to gain elevated privileges via execution of a malicious binary placed in the system path."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Uncontrolled Search Path Element (CWE-427)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://advisory.teradici.com/security-advisories/60/",
                  "refsource": "MISC",
                  "url": "https://advisory.teradici.com/security-advisories/60/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
        "assignerShortName": "Teradici",
        "cveId": "CVE-2020-13177",
        "datePublished": "2020-08-11T17:47:23.000Z",
        "dateReserved": "2020-05-19T00:00:00.000Z",
        "dateUpdated": "2024-08-04T12:11:19.387Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }