CVE-2020-13175 (GCVE-0-2020-13175)
Vulnerability from cvelistv5
Published
2020-08-11 17:40
Modified
2024-08-04 12:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-98 - Local File Inclusion ()
Summary
The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 20, 2020 (v15 and earlier for Cloud Access Connector) contains a local file inclusion vulnerability which allows an unauthenticated remote attacker to leak LDAP credentials via a specially crafted HTTP request.
References
| ► | URL | Tags | |
|---|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | - Cloud Access Connector - Cloud Access Connector Legacy |
Version: Cloud Access Connector Legacy prior to April 20, 2020, Cloud Access Connector v15 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:11:19.554Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://advisory.teradici.com/security-advisories/59/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "- Cloud Access Connector - Cloud Access Connector Legacy",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Cloud Access Connector Legacy prior to April 20, 2020, Cloud Access Connector v15 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 20, 2020 (v15 and earlier for Cloud Access Connector) contains a local file inclusion vulnerability which allows an unauthenticated remote attacker to leak LDAP credentials via a specially crafted HTTP request."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-98",
"description": "Local File Inclusion (CWE-98)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-11T17:40:37",
"orgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"shortName": "Teradici"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://advisory.teradici.com/security-advisories/59/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@teradici.com",
"ID": "CVE-2020-13175",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "- Cloud Access Connector - Cloud Access Connector Legacy",
"version": {
"version_data": [
{
"version_value": "Cloud Access Connector Legacy prior to April 20, 2020, Cloud Access Connector v15 and earlier"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 20, 2020 (v15 and earlier for Cloud Access Connector) contains a local file inclusion vulnerability which allows an unauthenticated remote attacker to leak LDAP credentials via a specially crafted HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Local File Inclusion (CWE-98)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://advisory.teradici.com/security-advisories/59/",
"refsource": "MISC",
"url": "https://advisory.teradici.com/security-advisories/59/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"assignerShortName": "Teradici",
"cveId": "CVE-2020-13175",
"datePublished": "2020-08-11T17:40:37",
"dateReserved": "2020-05-19T00:00:00",
"dateUpdated": "2024-08-04T12:11:19.554Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2020-13175\",\"sourceIdentifier\":\"security@teradici.com\",\"published\":\"2020-08-11T18:15:12.520\",\"lastModified\":\"2024-11-21T05:00:48.360\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 20, 2020 (v15 and earlier for Cloud Access Connector) contains a local file inclusion vulnerability which allows an unauthenticated remote attacker to leak LDAP credentials via a specially crafted HTTP request.\"},{\"lang\":\"es\",\"value\":\"La interfaz de administraci\u00f3n de Teradici Cloud Access Connector y Cloud Access Connector Legacy para versiones anteriores al 20 de abril de 2020 (versi\u00f3n v15 y anteriores para Cloud Access Connector), contiene una vulnerabilidad de inclusi\u00f3n de archivos locales que permite a un atacante remoto no autenticado filtrar credenciales de LDAP por medio de un petici\u00f3n HTTP dise\u00f1ada\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security@teradici.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-98\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-829\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:teradici:cloud_access_connector:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"15\",\"matchCriteriaId\":\"8DDC4DD6-123E-47DC-8B79-BC46AA75EE99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:teradici:cloud_access_connector_legacy:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2020-04-20\",\"matchCriteriaId\":\"1F13A060-A77C-4466-8ABE-3E6C38CDB683\"}]}]}],\"references\":[{\"url\":\"https://advisory.teradici.com/security-advisories/59/\",\"source\":\"security@teradici.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://advisory.teradici.com/security-advisories/59/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…