CVE-2022-1805

When connecting to Amazon Workspaces, the SHA256 presented by AWS connection provisioner is not fully verified by Zero Clients. The issue could be exploited by an adversary that places a MITM (Man in the Middle) between a zero client and AWS session provisioner in the network. This issue is only applicable when connecting to an Amazon Workspace from a PCoIP Zero Client.

CVSS v3 8.1 HIGH

8.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.hp.com/us-en/document/ish_6545906-6545930-16/hpsbhf03794	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:teradici:tera2_pcoip_zero_client_firmware::::::::
	cpe:2.3:o:teradici:tera2_pcoip_zero_client_firmware:22.04:::::::*

cpe:2.3:h:teradici:tera2_pcoip_zero_client:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-07-28 15:15

Updated : 2024-02-28 19:29

NVD link : CVE-2022-1805

Mitre link : CVE-2022-1805

CVE.ORG link : CVE-2022-1805

JSON object : View

Products Affected

teradici

tera2_pcoip_zero_client_firmware
tera2_pcoip_zero_client

CWE

CWE-295

Improper Certificate Validation

{"id": "CVE-2022-1805", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}]}, "published": "2022-07-28T15:15:07.553", "references": [{"url": "https://support.hp.com/us-en/document/ish_6545906-6545930-16/hpsbhf03794", "tags": ["Patch", "Vendor Advisory"], "source": "hp-security-alert@hp.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-295"}]}], "descriptions": [{"lang": "en", "value": "When connecting to Amazon Workspaces, the SHA256 presented by AWS connection provisioner is not fully verified by Zero Clients. The issue could be exploited by an adversary that places a MITM (Man in the Middle) between a zero client and AWS session provisioner in the network. This issue is only applicable when connecting to an Amazon Workspace from a PCoIP Zero Client."}, {"lang": "es", "value": "Cuando es conectado a Amazon Workspaces, el SHA256 presentado por el aprovisionador de conexiones de AWS no es verificado completamente por Zero Clients. El problema podr\u00eda ser explotado por un adversario que coloque un MITM (Man in the Middle) entre un cliente cero y el aprovisionador de sesiones de AWS en la red. Este problema s\u00f3lo es aplicable cuando es conectado a un espacio de trabajo de Amazon desde un cliente cero PCoIP"}], "lastModified": "2022-08-05T02:12:52.913", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:teradici:tera2_pcoip_zero_client_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1BDC5949-06FB-493B-BA9C-CA37BC611F28", "versionEndExcluding": "22.01.5"}, {"criteria": "cpe:2.3:o:teradici:tera2_pcoip_zero_client_firmware:22.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "652204B8-1CF6-4A8B-8D29-EACFA05BA212"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:teradici:tera2_pcoip_zero_client:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "91376750-D525-48A7-B775-6DFB7953C05D"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "hp-security-alert@hp.com"}