CVE-2021-25695

EPSS 0.06%
Veröffentlicht 21.07.2021 15:15:15
Zuletzt bearbeitet 21.11.2024 05:55:18
Quelle security@teradici.com
CVE-Watchlists
Login
Unerledigt
Login

The USB vHub in the Teradici PCOIP Software Agent prior to version 21.07.0 would accept commands from any program, which may allow an attacker to elevate privileges by changing the flow of program execution within the vHub driver.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Teradici ≫ Pcoip SwPlatformwindows Version < 21.07.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.158

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P

CWE-782 Exposed IOCTL with Insufficient Access Control

The product implements an IOCTL with functionality that should be restricted, but it does not properly enforce access control for the IOCTL.

https://advisory.teradici.com/security-advisories/100/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-25695

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-25695

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-25695

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2021-25695