CVE-2020-13177

Published: Aug 11, 2020Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

The support bundler in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows versions prior to 20.04.1 and 20.07.0 does not use hard coded paths for certain Windows binaries, which allows an attacker to gain elevated privileges via execution of a malicious binary placed in the system path.

Affected (2)

Products: Teradici: Graphics Agent, Pcoip Standard Agent

2 products

Pcoip Standard Agent

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Teradici Graphics Agent	Before 20.04.1
Teradici Pcoip Standard Agent	Before 20.04.1

Related CWEs

Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

References (2)

https://advisory.teradici.com/security-advisories/60/

Source: security@teradici.com

PatchVendor Advisory

https://advisory.teradici.com/security-advisories/60/

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.