Lucene search

HP Product Security Response TeamHPSBHF03794

HistoryJul 12, 2022 - 12:00 a.m.

AWS Connection Session Provisioner’s SHA256 hash is not fully verified by PCoIP Zero Clients

2022-07-1200:00:00

HP Product Security Response Team

support.hp.com

aws

connection session provisioner

sha256 hash

pcoip

zero clients

tera2

zero client firmware

vulnerabilities

remediation

update

teradici

software

installation

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

Low

EPSS

0.002

Percentile

53.5%

JSON

HP has provided updated versions of Tera2 Zero Client firmware that remediate vulnerabilities found in firmware version 22.04 and earlier.

Products can be updated or replaced with the latest release by downloading from the Teradici website and following standard installation or update instructions:

Affected configurations

Vulners

Node

hpsmart_zero_coreRange<22.01.5

hpsmart_zero_coreRange<22.04.1

VendorProductVersionCPE
hpsmart_zero_core*cpe:2.3:a:hp:smart_zero_core:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
hp	smart_zero_core	*	cpe:2.3:a:hp:smart_zero_core::::::::

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

Low

EPSS

0.002

Percentile

53.5%

JSON

Related for HPSBHF03794