IP stack vulnerabilities in Tera2 Zero Client and Remote Workstation Card firmware

Advisory Information

  • Advisory ID: TERA-SA-000056
  • Published: 17 June 2020
  • Last Updated: 17 June 2020
  • Download PDF

Summary

Multiple vulnerabilities have been discovered in the Treck IP stack used in the Tera2 Zero Client and Remote Workstation Card firmware.


Affected Products

  • Tera2 Zero Client firmware 20.01.1 and earlier
  • Tera2 Remote Workstation Card 20.01.1 and earlier

Solutions and Mitigations

Available Updates

Teradici released Zero Client firmware versions 17.05.0, 20.01.3, and 20.04.1 to address these vulnerabilities.

Teradici released Remote Workstation Card versions 17.05.0, 20.01.3, and 20.04.1 to address these vulnerabilities.

Workarounds and Mitigation

There are no workarounds that address this vulnerability. To mitigate the vulnerabilities, update to one of the versions of Zero Client firmware or Remote Workstation Card listed above, (or later).

Vulnerability Details

CVE-2020-11901

View the full description on the MITRE website.

CVE-2020-11900

View the full description on the MITRE website.

CVE-2020-11898

View the full description on the MITRE website.

Please note that the base score of this CVE publication has been modified reflect the severity of the vulnerability when used in Teradici products.

CVE-2020-11896

View the full description on the MITRE website.

Please note that the base score of this CVE publication has been modified reflect the severity of the vulnerability when used in Teradici products.

CVE-2020-11902

View the full description on the MITRE website.

CVE-2020-11904

View the full description on the MITRE website.

CVE-2020-11905

View the full description on the MITRE website.

CVE-2020-11906

View the full description on the MITRE website.

CVE-2020-11907

View the full description on the MITRE website.

CVE-2020-11911

View the full description on the MITRE website.

CVE-2020-11913

View the full description on the MITRE website.

CVE-2020-11912

View the full description on the MITRE website.

CVE-2020-11910

View the full description on the MITRE website.

CVE-2020-11909

View the full description on the MITRE website.

CVE-2020-11914

View the full description on the MITRE website.

Remark

Vulnerability classification has been performed using the CVSSv3 scoring system. The CVSS environmental score is specific to each customer’s environment and should be defined by the customer to attain a final scoring.


Additional Resources


Revision History

17 June 2020: Initial Publication


Legal Disclaimer

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. TERADICI RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.