CVE-2022-1805

2022-07-2815:15:07

CWE-295

[email protected]

web.nvd.nist.gov

amazon workspaces

sha256

zero clients

mitm

pcoip

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

53.5%

JSON

When connecting to Amazon Workspaces, the SHA256 presented by AWS connection provisioner is not fully verified by Zero Clients. The issue could be exploited by an adversary that places a MITM (Man in the Middle) between a zero client and AWS session provisioner in the network. This issue is only applicable when connecting to an Amazon Workspace from a PCoIP Zero Client.

Affected configurations

Nvd

Node

teradicitera2_pcoip_zero_client_firmwareRange<22.01.5

teradicitera2_pcoip_zero_client_firmwareMatch22.04

AND

teradicitera2_pcoip_zero_clientMatch-

VendorProductVersionCPE
teradicitera2_pcoip_zero_client_firmware*cpe:2.3:o:teradici:tera2_pcoip_zero_client_firmware:*:*:*:*:*:*:*:*
teradicitera2_pcoip_zero_client_firmware22.04cpe:2.3:o:teradici:tera2_pcoip_zero_client_firmware:22.04:*:*:*:*:*:*:*
teradicitera2_pcoip_zero_client-cpe:2.3:h:teradici:tera2_pcoip_zero_client:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
teradici	tera2_pcoip_zero_client_firmware	*	cpe:2.3:o:teradici:tera2_pcoip_zero_client_firmware::::::::
teradici	tera2_pcoip_zero_client_firmware	22.04	cpe:2.3:o:teradici:tera2_pcoip_zero_client_firmware:22.04:::::::*
teradici	tera2_pcoip_zero_client	-	cpe:2.3:h:teradici:tera2_pcoip_zero_client:-:::::::*