CVE-2020-13179 - OpenCVE

Broker Protocol messages in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to 20.04.1 are not cleaned up in server memory, which may allow an attacker to read confidential information from a memory dump via forcing a crashing during the single sign-on procedure.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Teradici	Pcoip Standard Agent Graphics Agent

Configuration 1 [-]

OR	cpe:2.3:a:teradici:graphics_agent::::::windows::*
	cpe:2.3:a:teradici:pcoip_standard_agent::::::windows::*

References

Link	Resource
https://advisory.teradici.com/security-advisories/60/	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Teradici

Published: 2020-08-11T18:06:27

Updated: 2020-08-11T18:06:27

Reserved: 2020-05-19T00:00:00

Link: CVE-2020-13179

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-08-11T19:15:17.313

Modified: 2021-11-04T16:10:05.327

Link: CVE-2020-13179

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "- PCoIP Standard Agent for Windows - PCoIP Graphics Agent for Windows", "vendor": "n/a", "versions": [{"status": "affected", "version": "PCoIP Standard Agent for Windows 20.04 and earlier, PCoIP Graphics Agent for Windows 20.04 and earlier"}]}], "descriptions": [{"lang": "en", "value": "Broker Protocol messages in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to 20.04.1 are not cleaned up in server memory, which may allow an attacker to read confidential information from a memory dump via forcing a crashing during the single sign-on procedure."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "Exposure of Sensitive Information (CWE-200)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-08-11T18:06:27", "orgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be", "shortName": "Teradici"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://advisory.teradici.com/security-advisories/60/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@teradici.com", "ID": "CVE-2020-13179", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "- PCoIP Standard Agent for Windows - PCoIP Graphics Agent for Windows", "version": {"version_data": [{"version_value": "PCoIP Standard Agent for Windows 20.04 and earlier, PCoIP Graphics Agent for Windows 20.04 and earlier"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Broker Protocol messages in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to 20.04.1 are not cleaned up in server memory, which may allow an attacker to read confidential information from a memory dump via forcing a crashing during the single sign-on procedure."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Exposure of Sensitive Information (CWE-200)"}]}]}, "references": {"reference_data": [{"name": "https://advisory.teradici.com/security-advisories/60/", "refsource": "MISC", "url": "https://advisory.teradici.com/security-advisories/60/"}]}}}}, "cveMetadata": {"assignerOrgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be", "assignerShortName": "Teradici", "cveId": "CVE-2020-13179", "datePublished": "2020-08-11T18:06:27", "dateReserved": "2020-05-19T00:00:00", "dateUpdated": "2020-08-11T18:06:27", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:teradici:graphics_agent:*:*:*:*:*:windows:*:*", "matchCriteriaId": "14D4B030-1438-47EC-AA0A-1E74CFFA34E3", "versionEndExcluding": "20.04.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:teradici:pcoip_standard_agent:*:*:*:*:*:windows:*:*", "matchCriteriaId": "C746FBCC-92C4-40BA-9C88-0C9FD3494932", "versionEndExcluding": "20.04.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Broker Protocol messages in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to 20.04.1 are not cleaned up in server memory, which may allow an attacker to read confidential information from a memory dump via forcing a crashing during the single sign-on procedure."}, {"lang": "es", "value": "Los mensajes de Broker Protocol en Teradici PCoIP Standard Agent para Windows y Graphics Agent para Windows versiones anteriores a la 20.04.1, no son limpiados en la memoria del servidor, lo que puede permitir a un atacante leer informaci\u00f3n confidencial de un volcado de memoria forzando un bloqueo durante el procedimiento inicio de sesi\u00f3n \u00fanico"}], "id": "CVE-2020-13179", "lastModified": "2021-11-04T16:10:05.327", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-08-11T19:15:17.313", "references": [{"source": "security@teradici.com", "tags": ["Vendor Advisory"], "url": "https://advisory.teradici.com/security-advisories/60/"}], "sourceIdentifier": "security@teradici.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-212"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "security@teradici.com", "type": "Secondary"}]}