CVE-2020-13179 - OpenCVE

Broker Protocol messages in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to 20.04.1 are not cleaned up in server memory, which may allow an attacker to read confidential information from a memory dump via forcing a crashing during the single sign-on procedure.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Teradici	Graphics Agent Pcoip Standard Agent

Configuration 1 [-]

OR	cpe:2.3:a:teradici:graphics_agent::::::windows::*
	cpe:2.3:a:teradici:pcoip_standard_agent::::::windows::*

No data.

References

Link	Providers
https://advisory.teradici.com/security-advisories/60/

History

No history.

MITRE

Status: PUBLISHED

Assigner: Teradici

Published: 2020-08-11T18:06:27

Updated: 2024-08-04T12:11:19.479Z

Reserved: 2020-05-19T00:00:00

Link: CVE-2020-13179

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-08-11T19:15:17.313

Modified: 2021-11-04T16:10:05.327

Link: CVE-2020-13179

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "- PCoIP Standard Agent for Windows - PCoIP Graphics Agent for Windows", "vendor": "n/a", "versions": [{"status": "affected", "version": "PCoIP Standard Agent for Windows 20.04 and earlier, PCoIP Graphics Agent for Windows 20.04 and earlier"}]}], "descriptions": [{"lang": "en", "value": "Broker Protocol messages in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to 20.04.1 are not cleaned up in server memory, which may allow an attacker to read confidential information from a memory dump via forcing a crashing during the single sign-on procedure."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "Exposure of Sensitive Information (CWE-200)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-08-11T18:06:27", "orgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be", "shortName": "Teradici"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://advisory.teradici.com/security-advisories/60/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@teradici.com", "ID": "CVE-2020-13179", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "- PCoIP Standard Agent for Windows - PCoIP Graphics Agent for Windows", "version": {"version_data": [{"version_value": "PCoIP Standard Agent for Windows 20.04 and earlier, PCoIP Graphics Agent for Windows 20.04 and earlier"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Broker Protocol messages in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to 20.04.1 are not cleaned up in server memory, which may allow an attacker to read confidential information from a memory dump via forcing a crashing during the single sign-on procedure."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Exposure of Sensitive Information (CWE-200)"}]}]}, "references": {"reference_data": [{"name": "https://advisory.teradici.com/security-advisories/60/", "refsource": "MISC", "url": "https://advisory.teradici.com/security-advisories/60/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T12:11:19.479Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://advisory.teradici.com/security-advisories/60/"}]}]}, "cveMetadata": {"assignerOrgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be", "assignerShortName": "Teradici", "cveId": "CVE-2020-13179", "datePublished": "2020-08-11T18:06:27", "dateReserved": "2020-05-19T00:00:00", "dateUpdated": "2024-08-04T12:11:19.479Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:teradici:graphics_agent:*:*:*:*:*:windows:*:*", "matchCriteriaId": "14D4B030-1438-47EC-AA0A-1E74CFFA34E3", "versionEndExcluding": "20.04.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:teradici:pcoip_standard_agent:*:*:*:*:*:windows:*:*", "matchCriteriaId": "C746FBCC-92C4-40BA-9C88-0C9FD3494932", "versionEndExcluding": "20.04.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Broker Protocol messages in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to 20.04.1 are not cleaned up in server memory, which may allow an attacker to read confidential information from a memory dump via forcing a crashing during the single sign-on procedure."}, {"lang": "es", "value": "Los mensajes de Broker Protocol en Teradici PCoIP Standard Agent para Windows y Graphics Agent para Windows versiones anteriores a la 20.04.1, no son limpiados en la memoria del servidor, lo que puede permitir a un atacante leer informaci\u00f3n confidencial de un volcado de memoria forzando un bloqueo durante el procedimiento inicio de sesi\u00f3n \u00fanico"}], "id": "CVE-2020-13179", "lastModified": "2021-11-04T16:10:05.327", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-08-11T19:15:17.313", "references": [{"source": "security@teradici.com", "tags": ["Vendor Advisory"], "url": "https://advisory.teradici.com/security-advisories/60/"}], "sourceIdentifier": "security@teradici.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-212"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "security@teradici.com", "type": "Secondary"}]}