CVE-2020-10965

Published: Mar 25, 2020Modified: Nov 21, 2024

8.1

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.2 / Impact: 5.9

Source: NVD

Description

Teradici PCoIP Management Console 20.01.0 and 19.11.1 is vulnerable to unauthenticated password resets via login/resetadminpassword of the default admin account. This vulnerability only exists when the default admin account is not disabled. It is fixed in 20.01.1 and 19.11.2.

Affected (2)

Products: Teradici: Pcoip Management Console

1 product

Pcoip Management Console

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Teradici Pcoip Management Console	Version 19.11.1
Teradici Pcoip Management Console	Version 20.01.0

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (4)

https://healdb.tech/blog.html

Source: cve@mitre.org

ExploitVendor Advisory

https://help.teradici.com/s/article/3729

Source: cve@mitre.org

PatchVendor Advisory

https://healdb.tech/blog.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

https://help.teradici.com/s/article/3729

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.