First published: Thu May 28 2020(Updated: )
Initialization of the pcoip_credential_provider in Teradici PCoIP Standard Agent for Windows and PCoIP Graphics Agent for Windows versions 19.11.1 and earlier creates an insecure named pipe, which allows an attacker to intercept sensitive information or possibly elevate privileges via pre-installing an application which acquires that named pipe.
Credit: security@teradici.com
Affected Software | Affected Version | How to fix |
---|---|---|
Teradici Pcoip Graphics Agent | <=19.11.1 | |
Teradici Pcoip Standard Agent | <=19.11.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-13173 is a vulnerability that exists in the Teradici PCoIP Standard Agent for Windows and PCoIP Graphics Agent for Windows versions 19.11.1 and earlier.
CVE-2020-13173 allows an attacker to intercept sensitive information or possibly elevate privileges by exploiting an insecure named pipe in the initialization of the pcoip_credential_provider in Teradici PCoIP Standard Agent and PCoIP Graphics Agent.
CVE-2020-13173 has a severity rating of 7.8 (High).
Teradici PCoIP Standard Agent for Windows and PCoIP Graphics Agent for Windows versions 19.11.1 and earlier are affected by CVE-2020-13173.
To fix the CVE-2020-13173 vulnerability, it is recommended to update to a version of Teradici PCoIP Standard Agent and PCoIP Graphics Agent that is newer than 19.11.1.