CVE-2020-13175
Inclusion of Functionality from Untrusted Control Sphere (CWE-829)
Published: Aug 11, 2020 / Updated: 51mo ago

010

CVSS 7.5EPSS 0.63%High

CVE info copied to clipboard

The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 20, 2020 (v15 and earlier for Cloud Access Connector) contains a local file inclusion vulnerability which allows an unauthenticated remote attacker to leak LDAP credentials via a specially crafted HTTP request.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Timeline

First Article

Feedly found the first article mentioning CVE-2020-13175. See article

Aug 11, 2020 at 8:25 PM / web.nvd.nist.gov

EPSS

EPSS Score was set to: 0.63% (Percentile: 76.7%)

Oct 22, 2023 at 3:46 PM

Affected Systems

Teradici/cloud_access_connector

+null more

Patches

advisory.teradici.com

+null more

Links to Mitre Att&cks

T1055: Process Injection

+null more

Attack Patterns

CAPEC-175: Code Inclusion

+null more

CVSS V3.1

Attack Vector:Network

Attack Complexity:Low

Privileges Required:None

User Interaction:None

Scope:Unchanged

Confidentiality:High

Integrity:None

Availability Impact:None

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI

Feedly Threat Intelligence 30-day free trial

CVE-2020-13175Inclusion of Functionality from Untrusted Control Sphere (CWE-829)Published: Aug 11, 2020 / Updated: 51mo ago

Timeline

Affected Systems

Patches

Links to Mitre Att&cks

Attack Patterns

CVSS V3.1

Categories

Be the first to know about critical vulnerabilities

CVE-2020-13175
Inclusion of Functionality from Untrusted Control Sphere (CWE-829)
Published: Aug 11, 2020 / Updated: 51mo ago