CVE-2020-13173

Published: May 28, 2020Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Initialization of the pcoip_credential_provider in Teradici PCoIP Standard Agent for Windows and PCoIP Graphics Agent for Windows versions 19.11.1 and earlier creates an insecure named pipe, which allows an attacker to intercept sensitive information or possibly elevate privileges via pre-installing an application which acquires that named pipe.

Affected (2)

Products: Teradici: Pcoip Graphics Agent, Pcoip Standard Agent

2 products

Pcoip Graphics Agent

Pcoip Standard Agent

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Teradici Pcoip Graphics Agent	Up to 19.11.1
Teradici Pcoip Standard Agent	Up to 19.11.1

Related CWEs

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

References (2)

https://advisory.teradici.com/security-advisories/55/

Source: security@teradici.com

Vendor Advisory

https://advisory.teradici.com/security-advisories/55/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.