Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2022-1805

Опубликовано: 28 июл. 2022
Источник: nvd
CVSS3: 8.1
EPSS Низкий

Описание

When connecting to Amazon Workspaces, the SHA256 presented by AWS connection provisioner is not fully verified by Zero Clients. The issue could be exploited by an adversary that places a MITM (Man in the Middle) between a zero client and AWS session provisioner in the network. This issue is only applicable when connecting to an Amazon Workspace from a PCoIP Zero Client.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:teradici:tera2_pcoip_zero_client_firmware:*:*:*:*:*:*:*:*
Версия до 22.01.5 (исключая)
cpe:2.3:o:teradici:tera2_pcoip_zero_client_firmware:22.04:*:*:*:*:*:*:*
cpe:2.3:h:teradici:tera2_pcoip_zero_client:-:*:*:*:*:*:*:*

EPSS

Процентиль: 61%
0.00408
Низкий

8.1 High

CVSS3

Дефекты

CWE-295

Связанные уязвимости

github логотип

GHSA-mqfh-36p4-43qx

CVSS3: 8.1
github
больше 3 лет назад

When connecting to Amazon Workspaces, the SHA256 presented by AWS connection provisioner is not fully verified by Zero Clients. The issue could be exploited by an adversary that places a MITM (Man in the Middle) between a zero client and AWS session provisioner in the network. This issue is only applicable when connecting to an Amazon Workspace from a PCoIP Zero Client.

EPSS

Процентиль: 61%
0.00408
Низкий

8.1 High

CVSS3

Дефекты

CWE-295