ByteOS Network

NVD Vulnerability Details :

CVE-2020-13178

Analyzed

Source-security@teradici.com

Published At-11 Aug, 2020 | 18:15

Updated At-13 Aug, 2020 | 17:30

A function in the Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to version 20.04.1 does not properly validate the signature of an external binary, which could allow an attacker to gain elevated privileges via execution in the context of the PCoIP Agent process.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	6.7	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary	2.0	4.6	MEDIUM	AV:L/AC:L/Au:N/C:P/I:P/A:P

Type: Primary

Version: 3.1

Base score: 6.7

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Type: Primary

Version: 2.0

Base score: 4.6

Base severity: MEDIUM

Vector:

AV:L/AC:L/Au:N/C:P/I:P/A:P

CPE Matches

teradici>>graphics_agent>>Versions before 20.04.1(exclusive)

cpe:2.3:a:teradici:graphics_agent:*:*:*:*:*:windows:*:*

teradici>>pcoip_standard_agent>>Versions before 20.04.1(exclusive)

cpe:2.3:a:teradici:pcoip_standard_agent:*:*:*:*:*:windows:*:*

Weaknesses

CWE ID	Type	Source
CWE-345	Primary	nvd@nist.gov
CWE-345	Secondary	security@teradici.com

CWE ID: CWE-345

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-345

Type: Secondary

Source: security@teradici.com

References

Hyperlink	Source	Resource
https://advisory.teradici.com/security-advisories/60/	security@teradici.com	Vendor Advisory

Hyperlink: https://advisory.teradici.com/security-advisories/60/

Source: security@teradici.com

Resource:

Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History