6.7

CVE-2020-13178

EPSS 0.03%
Veröffentlicht 11.08.2020 18:15:12
Zuletzt bearbeitet 21.11.2024 05:00:48
Quelle security@teradici.com
CVE-Watchlists
Login
Unerledigt
Login

A function in the Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to version 20.04.1 does not properly validate the signature of an external binary, which could allow an attacker to gain elevated privileges via execution in the context of the PCoIP Agent process.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Teradici ≫ Graphics Agent SwPlatformwindows Version < 20.04.1

Teradici ≫ Pcoip Standard Agent SwPlatformwindows Version < 20.04.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.054

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.7	0.8	5.9	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P

CWE-345 Insufficient Verification of Data Authenticity

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

https://advisory.teradici.com/security-advisories/60/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-13178

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-13178

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-13178

EUVD