CVE-2020-13179

Published: Aug 11, 2020Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Broker Protocol messages in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to 20.04.1 are not cleaned up in server memory, which may allow an attacker to read confidential information from a memory dump via forcing a crashing during the single sign-on procedure.

Affected (2)

Products: Teradici: Graphics Agent, Pcoip Standard Agent

2 products

Pcoip Standard Agent

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Teradici Graphics Agent	Before 20.04.1
Teradici Pcoip Standard Agent	Before 20.04.1

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Improper Removal of Sensitive Information Before Storage or Transfer

The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.

References (2)

https://advisory.teradici.com/security-advisories/60/

Source: security@teradici.com

Vendor Advisory

https://advisory.teradici.com/security-advisories/60/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.