7.8
CVE-2020-13173
- EPSS 0.05%
- Veröffentlicht 28.05.2020 22:15:10
- Zuletzt bearbeitet 21.11.2024 05:00:48
- Quelle security@teradici.com
- CVE-Watchlists
- Unerledigt
LoginInitialization of the pcoip_credential_provider in Teradici PCoIP Standard Agent for Windows and PCoIP Graphics Agent for Windows versions 19.11.1 and earlier creates an insecure named pipe, which allows an attacker to intercept sensitive information or possibly elevate privileges via pre-installing an application which acquires that named pipe.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Teradici ≫ Pcoip Graphics Agent SwPlatformwindows Version <= 19.11.1
Teradici ≫ Pcoip Standard Agent SwPlatformwindows Version <= 19.11.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.05% | 0.103 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 4.6 | 3.9 | 6.4 |
AV:L/AC:L/Au:N/C:P/I:P/A:P
|
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.