PT-2020-12453 · Teradici · Teradici PCoIP Management Console
Benjamin Heald · Published 2020-03-25 · Updated 2023-03-25
CVE-2020-10965
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Teradici PCoIP Management Console versions 19.11.1 through 20.01.0
Description
The issue allows an unauthenticated password reset of the default admin account via the "login/resetadminpassword" endpoint. This is only possible when the default admin account is not disabled.
Recommendations
For versions 19.11.1 and 20.01.0, update to version 19.11.2 or 20.01.1 to resolve the issue.
As a temporary workaround, consider disabling the default admin account until a patch is available.
Exploit
Fix
Improper Authentication
Missing Authentication
Related Identifiers
Affected Products
Teradici PCoIP Management Console