CVE-2020-13179

{"id": "CVE-2020-13179", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2020-08-11T19:15:17.313", "references": [{"url": "https://advisory.teradici.com/security-advisories/60/", "tags": ["Vendor Advisory"], "source": "security@teradici.com"}, {"url": "https://advisory.teradici.com/security-advisories/60/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security@teradici.com", "description": [{"lang": "en", "value": "CWE-200"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-212"}]}], "descriptions": [{"lang": "en", "value": "Broker Protocol messages in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to 20.04.1 are not cleaned up in server memory, which may allow an attacker to read confidential information from a memory dump via forcing a crashing during the single sign-on procedure."}, {"lang": "es", "value": "Los mensajes de Broker Protocol en Teradici PCoIP Standard Agent para Windows y Graphics Agent para Windows versiones anteriores a la 20.04.1, no son limpiados en la memoria del servidor, lo que puede permitir a un atacante leer informaci\u00f3n confidencial de un volcado de memoria forzando un bloqueo durante el procedimiento inicio de sesi\u00f3n \u00fanico"}], "lastModified": "2024-11-21T05:00:48.907", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:teradici:graphics_agent:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "14D4B030-1438-47EC-AA0A-1E74CFFA34E3", "versionEndExcluding": "20.04.1"}, {"criteria": "cpe:2.3:a:teradici:pcoip_standard_agent:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "C746FBCC-92C4-40BA-9C88-0C9FD3494932", "versionEndExcluding": "20.04.1"}], "operator": "OR"}]}], "sourceIdentifier": "security@teradici.com"}