PT-2020-13374 · Teradici · Teradici Cloud Access Connector

Published

2020-08-11

Updated

2020-08-14

CVE-2020-13175

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Teradici Cloud Access Connector versions prior to 15 Teradici Cloud Access Connector Legacy versions prior to April 20, 2020

Description The issue allows an unauthenticated remote attacker to leak LDAP credentials via a specially crafted HTTP request. This is due to a local file inclusion vulnerability in the Management Interface of the affected software.

Recommendations For Teradici Cloud Access Connector versions prior to 15, update to a version released after April 20, 2020. For Teradici Cloud Access Connector Legacy versions prior to April 20, 2020, update to a version released after April 20, 2020.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-829CWE-98

Related Identifiers

CVE-2020-13175

Affected Products

Teradici Cloud Access Connector

PT-2020-13374 · Teradici · Teradici Cloud Access Connector

CVE-2020-13175

Weakness Enumeration

Related Identifiers

Affected Products

References · 4