Описание
The support bundler in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows versions prior to 20.04.1 and 20.07.0 does not use hard coded paths for certain Windows binaries, which allows an attacker to gain elevated privileges via execution of a malicious binary placed in the system path.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 20.04.1 (исключая)Версия до 20.04.1 (исключая)
Одно из
cpe:2.3:a:teradici:graphics_agent:*:*:*:*:*:windows:*:*
cpe:2.3:a:teradici:pcoip_standard_agent:*:*:*:*:*:windows:*:*
EPSS
Процентиль: 21%
0.00068
Низкий
7.8 High
CVSS3
4.4 Medium
CVSS2
Дефекты
CWE-427
CWE-427
Связанные уязвимости
github
больше 3 лет назад
The support bundler in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows versions prior to 20.04.1 and 20.07.0 does not use hard coded paths for certain Windows binaries, which allows an attacker to gain elevated privileges via execution of a malicious binary placed in the system path.
EPSS
Процентиль: 21%
0.00068
Низкий
7.8 High
CVSS3
4.4 Medium
CVSS2
Дефекты
CWE-427
CWE-427