IP stack Out-of-bounds Read in Tera2 Zero Client and Remote Workstation Card firmware

Advisory Information

  • Advisory ID: TERA-SA-000057
  • CVE Numbers and Scores:
  • Published: 8 July 2020
  • Last Updated: 8 July 2020

Summary

An out-of-bounds read has been discovered in the Treck IP stack used in the Tera2 Zero Client and Remote Workstation Card firmware.


Affected Products

  • Tera2 Zero Client firmware 6.5.x and earlier
  • Tera2 Zero Client firmware 17.05.0
  • Tera2 Zero Client firmware 20.01.0 - 20.01.3
  • Tera2 Zero Client firmware 20.04.1
  • Tera2 Remote Workstation Card 5.1.x and earlier
  • Tera2 Remote Workstation Card firmware 17.05.0
  • Tera2 Remote Workstation Card firmware 20.01.0 - 20.01.3
  • Tera2 Remote Workstation Card firmware 20.04.1

Solutions and Mitigations

Available Updates

Teradici released Zero Client firmware versions 17.05.1, 20.01.4, and 20.04.2 to address these vulnerabilities.

Teradici released Remote Workstation Card versions 17.05.1, 20.01.4, and 20.04.2 to address these vulnerabilities.

Workarounds and Mitigation

There are no workarounds that address this vulnerability. To mitigate it, update to one of the versions of Zero Client firmware or Remote Workstation Card listed above (or later).
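As an added example (not Teradici's code), the following Python script triages a device inventory against the affected and fixed versions listed in this advisory. The product keys, the inventory rows and the assumption that firmware versions are reported as dotted numeric strings are illustrative.

```python
import re

# Fixed releases named in the advisory (identical for both products).
FIXED = [(17, 5, 1), (20, 1, 4), (20, 4, 2)]
# "x.y.x and earlier" legacy branches; the product keys are assumed names.
LEGACY_MAX = {"zero_client": (6, 5), "remote_workstation_card": (5, 1)}
# Inclusive affected ranges shared by both products.
AFFECTED = [((17, 5, 0), (17, 5, 0)), ((20, 1, 0), (20, 1, 3)),
            ((20, 4, 1), (20, 4, 1))]

def parse_version(text):
    """Parse 'major.minor[.patch]' (assumed format) into an int tuple."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)(?:\.(\d+))?\s*", text)
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(part or 0) for part in m.groups())

def fmt(v):
    return f"{v[0]}.{v[1]:02d}.{v[2]}"

def assess(product, version_text):
    """Return (status, upgrade_targets) for one device."""
    if product not in LEGACY_MAX:
        raise ValueError(f"unknown product: {product!r}")
    v = parse_version(version_text)
    hit = v[:2] <= LEGACY_MAX[product] or any(lo <= v <= hi for lo, hi in AFFECTED)
    if not hit:
        # Not in the advisory's list; this is not a statement that it is safe.
        return ("not listed", [])
    # Prefer the fix on the device's own release branch, else offer all fixes.
    same_branch = [f for f in FIXED if f[:2] == v[:2]]
    return ("affected", [fmt(f) for f in same_branch or FIXED])

# Constructed inventory rows (hostnames and versions are sample data).
INVENTORY = [
    ("zc-lobby-01", "zero_client", "6.5.0"),
    ("zc-lab-02", "zero_client", "20.01.3"),
    ("zc-lab-03", "zero_client", "20.04.2"),
    ("rwc-render-01", "remote_workstation_card", "17.05.0"),
]

def triage(inventory):
    return [(host, *assess(product, ver)) for host, product, ver in inventory]

if __name__ == "__main__":
    for host, status, targets in triage(INVENTORY):
        print(f"{host:15} {status:11} {', '.join(targets) or '-'}")
```

A result of "not listed" means only that the version does not appear under Affected Products in this advisory.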

Vulnerability Details

CVE-2020-11903

The Treck TCP/IP stack before 6.0.1.28 has a DHCP Out-of-bounds Read.

Remark

Vulnerability classification has been performed using the CVSSv3 scoring system. The CVSS environmental score is specific to each customer’s environment and should be defined by the customer to attain a final scoring.


Additional Resources


Revision History

8 July 2020: Initial Publication


Legal Disclaimer

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. TERADICI RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.