Lucene search

TeradiciCVE-2020-13176

HistoryAug 11, 2020 - 6:15 p.m.

CVE-2020-13176

2020-08-1118:15:12

CWE-79

Teradici

web.nvd.nist.gov

cve-2020-13176

teradici

cloud access connector

xss

remote attack

log poisoning

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.002

Percentile

51.5%

JSON

The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 24, 2020 (v16 and earlier for the Cloud Access Connector) contains a stored cross-site scripting (XSS) vulnerability which allows a remote unauthenticated attacker to poison log files with malicious JavaScript via the login page which is executed when an administrator views the logs within the application.

Affected configurations

Nvd

Node

teradicicloud_access_connectorRange≤16

teradicicloud_access_connector_legacyRange<2020-04-24

VendorProductVersionCPE
teradicicloud_access_connector*cpe:2.3:a:teradici:cloud_access_connector:*:*:*:*:*:*:*:*
teradicicloud_access_connector_legacy*cpe:2.3:a:teradici:cloud_access_connector_legacy:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
teradici	cloud_access_connector	*	cpe:2.3:a:teradici:cloud_access_connector::::::::
teradici	cloud_access_connector_legacy	*	cpe:2.3:a:teradici:cloud_access_connector_legacy::::::::

CNA Affected

[
  {
    "product": "- Cloud Access Connector - Cloud Access Connector Legacy",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cloud Access Connector Legacy prior to April 24, 2020, Cloud Access Connector, v16 and earlier)"
      }
    ]
  }
]

References

advisory.teradici.com/security-advisories/59/

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.002

Percentile

51.5%

JSON

Related for CVE-2020-13176