PT-2021-9565 · Teradici · Teradici Cloud Access Connector

Published

2021-02-11

Updated

2021-02-25

CVE-2020-13185

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Teradici Cloud Access Connector versions prior to 18

Description The issue allows certain web application pages in the authenticated section to be accessed without specifying authentication tokens. This enables an attacker to execute sensitive functions without credentials.

Recommendations For versions prior to 18, update to version 18 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive functions until the update is applied.

Fix

Improper Authentication

Authentication Bypass Using an Alternate Path or Channel

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287CWE-288

Related Identifiers

CVE-2020-13185

Affected Products

Teradici Cloud Access Connector

PT-2021-9565 · Teradici · Teradici Cloud Access Connector

CVE-2020-13185

Weakness Enumeration

Related Identifiers

Affected Products

References · 4