CVE-2020-13177

EPSS 0.07%
Veröffentlicht 11.08.2020 18:15:12
Zuletzt bearbeitet 21.11.2024 05:00:48
Quelle security@teradici.com
CVE-Watchlists
Login
Unerledigt
Login

The support bundler in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows versions prior to 20.04.1 and 20.07.0 does not use hard coded paths for certain Windows binaries, which allows an attacker to gain elevated privileges via execution of a malicious binary placed in the system path.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Teradici ≫ Graphics Agent SwPlatformwindows Version < 20.04.1

Teradici ≫ Pcoip Standard Agent SwPlatformwindows Version < 20.04.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.177

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	4.4	3.4	6.4	AV:L/AC:M/Au:N/C:P/I:P/A:P

CWE-427 Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

https://advisory.teradici.com/security-advisories/60/

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-13177

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-13177

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-13177

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2020-13177