CVE-2022-1805 - OpenCVE

When connecting to Amazon Workspaces, the SHA256 presented by AWS connection provisioner is not fully verified by Zero Clients. The issue could be exploited by an adversary that places a MITM (Man in the Middle) between a zero client and AWS session provisioner in the network. This issue is only applicable when connecting to an Amazon Workspace from a PCoIP Zero Client.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Teradici	Tera2 Pcoip Zero Client Tera2 Pcoip Zero Client Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:o:teradici:tera2_pcoip_zero_client_firmware::::::::
	cpe:2.3:o:teradici:tera2_pcoip_zero_client_firmware:22.04:::::::*

cpe:2.3:h:teradici:tera2_pcoip_zero_client:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://support.hp.com/us-en/document/ish_6545906-6545930-16/hpsbhf03794

History

No history.

MITRE

Status: PUBLISHED

Assigner: hp

Published: 2022-07-28T14:21:09

Updated: 2024-08-03T00:16:59.963Z

Reserved: 2022-05-20T00:00:00

Link: CVE-2022-1805

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-07-28T15:15:07.553

Modified: 2022-08-05T02:12:52.913

Link: CVE-2022-1805

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Tera2 Zero Client", "vendor": "n/a", "versions": [{"status": "affected", "version": "Firmware version 22.04 and earlier"}]}], "descriptions": [{"lang": "en", "value": "When connecting to Amazon Workspaces, the SHA256 presented by AWS connection provisioner is not fully verified by Zero Clients. The issue could be exploited by an adversary that places a MITM (Man in the Middle) between a zero client and AWS session provisioner in the network. This issue is only applicable when connecting to an Amazon Workspace from a PCoIP Zero Client."}], "problemTypes": [{"descriptions": [{"description": "Man in the Middle Attack", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-07-28T14:21:09", "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "shortName": "hp"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.hp.com/us-en/document/ish_6545906-6545930-16/hpsbhf03794"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "hp-security-alert@hp.com", "ID": "CVE-2022-1805", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Tera2 Zero Client", "version": {"version_data": [{"version_value": "Firmware version 22.04 and earlier"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "When connecting to Amazon Workspaces, the SHA256 presented by AWS connection provisioner is not fully verified by Zero Clients. The issue could be exploited by an adversary that places a MITM (Man in the Middle) between a zero client and AWS session provisioner in the network. This issue is only applicable when connecting to an Amazon Workspace from a PCoIP Zero Client."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Man in the Middle Attack"}]}]}, "references": {"reference_data": [{"name": "https://support.hp.com/us-en/document/ish_6545906-6545930-16/hpsbhf03794", "refsource": "MISC", "url": "https://support.hp.com/us-en/document/ish_6545906-6545930-16/hpsbhf03794"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:16:59.963Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.hp.com/us-en/document/ish_6545906-6545930-16/hpsbhf03794"}]}]}, "cveMetadata": {"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "assignerShortName": "hp", "cveId": "CVE-2022-1805", "datePublished": "2022-07-28T14:21:09", "dateReserved": "2022-05-20T00:00:00", "dateUpdated": "2024-08-03T00:16:59.963Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:teradici:tera2_pcoip_zero_client_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1BDC5949-06FB-493B-BA9C-CA37BC611F28", "versionEndExcluding": "22.01.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:teradici:tera2_pcoip_zero_client_firmware:22.04:*:*:*:*:*:*:*", "matchCriteriaId": "652204B8-1CF6-4A8B-8D29-EACFA05BA212", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:teradici:tera2_pcoip_zero_client:-:*:*:*:*:*:*:*", "matchCriteriaId": "91376750-D525-48A7-B775-6DFB7953C05D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "When connecting to Amazon Workspaces, the SHA256 presented by AWS connection provisioner is not fully verified by Zero Clients. The issue could be exploited by an adversary that places a MITM (Man in the Middle) between a zero client and AWS session provisioner in the network. This issue is only applicable when connecting to an Amazon Workspace from a PCoIP Zero Client."}, {"lang": "es", "value": "Cuando es conectado a Amazon Workspaces, el SHA256 presentado por el aprovisionador de conexiones de AWS no es verificado completamente por Zero Clients. El problema podr\u00eda ser explotado por un adversario que coloque un MITM (Man in the Middle) entre un cliente cero y el aprovisionador de sesiones de AWS en la red. Este problema s\u00f3lo es aplicable cuando es conectado a un espacio de trabajo de Amazon desde un cliente cero PCoIP"}], "id": "CVE-2022-1805", "lastModified": "2022-08-05T02:12:52.913", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-07-28T15:15:07.553", "references": [{"source": "hp-security-alert@hp.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://support.hp.com/us-en/document/ish_6545906-6545930-16/hpsbhf03794"}], "sourceIdentifier": "hp-security-alert@hp.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "nvd@nist.gov", "type": "Primary"}]}