PCoIP Client & Agent dll injection

Advisory Information


Summary

The PCoIP Client & Agent were compiled without the OpenSSL no-auto-load-config configuration option set. This allowed an attacker to load a specially crafted DLL in a build directory into the process as it started.


Affected Products

  • PCoIP Standard Agent prior to 21.07.0
  • PCoIP Graphics Agent prior to 21.07.0
  • PCoIP Software Client prior to 21.03.3

Solutions and Mitigations

Available Updates

The latest PCoIP Clients & Agents for Windows, Linux, and macOS are available from here.

Vulnerability Details

Acknowledgements

Special thanks to Xaviet Danest for the discovery of this vulnerability.

CVE-2021-25699

The OpenSSL component of the Teradici PCoIP Software Client prior to version 21.07.0 was compiled without the no-autoload-config option, which allowed an attacker to elevate to the privileges of the running process via placing a specially crafted dll in a build configuration directory.

CVE-2021-25698

The OpenSSL component of the Teradici PCoIP Standard Agent prior to version 21.07.0 was compiled without the no-autoload-config option, which allowed an attacker to elevate to the privileges of the running process via placing a specially crafted dll in a build configuration directory.

Remark

Vulnerability classification has been performed using the CVSSv3 scoring system. The CVSS environmental score is specific to each customer’s environment and should be defined by the customer to attain a final scoring.


Additional Resources


Revision History

23 July 2021: Added acknowledgement

15 July 2021: Initial Publication


Legal Disclaimer

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. TERADICI RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.