HIGH🇵🇱 Wersja polska

CVE-2022-1805

CVSS 8.1v3.1pub. 2022-07-28upd. 2024-11-21

When connecting to Amazon Workspaces, the SHA256 presented by AWS connection provisioner is not fully verified by Zero Clients. The issue could be exploited by an adversary that places a MITM (Man in the Middle) between a zero client and AWS session provisioner in the network. This issue is only applicable when connecting to an Amazon Workspace from a PCoIP Zero Client.

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Teradici Tera2 Pcoip Zero Client

    HW
    Teradici
    wszystkie wersje
  • Teradici Tera2 Pcoip Zero Client Firmware

    OS
    Teradici
    22.04< 22.01.5
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2021-25689CRITICAL9.8ten sam vendor

An out of bounds write in Teradici PCoIP soft client versions prior to version 20.10.1 could allow an attacker...

CVE-2017-20121HIGH7.8ten sam vendor

A vulnerability was found in Teradici Management Console 2.2.0. It has been declared as critical. Affected by ...

CVE-2021-25698HIGH7.8ten sam vendor

The OpenSSL component of the Teradici PCoIP Standard Agent prior to version 21.07.0 was compiled without the n...

CVE-2021-25695HIGH7.8ten sam vendor

The USB vHub in the Teradici PCOIP Software Agent prior to version 21.07.0 would accept commands from any prog...

CVE-2021-25699HIGH7.8ten sam vendor

The OpenSSL component of the Teradici PCoIP Software Client prior to version 21.07.0 was compiled without the ...