Vulnerabilities > CVE-2020-13175 - Inclusion of Functionality from Untrusted Control Sphere vulnerability in Teradici products

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

teradici

CWE-829

NVD

Published: 2020-08-11

Updated: 2020-08-14

Summary

The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 20, 2020 (v15 and earlier for Cloud Access Connector) contains a local file inclusion vulnerability which allows an unauthenticated remote attacker to leak LDAP credentials via a specially crafted HTTP request.

Vulnerable Configurations

Part	Description	Count
Application	Teradici Teradici Cloud Access Connector * Teradici Cloud Access Connector Legacy *	2

Common Weakness Enumeration (CWE)

CWE-829 - Inclusion of Functionality from Untrusted Control Sphere

References

https://advisory.teradici.com/security-advisories/59/