Teradici Cloud Access Connector (CAC) multiple vulnerabilities

Advisory Information


Summary

An local file inclusion vulnerability has been identified in the Management Interface of the Cloud Access Connector and the Cloud Access Connector Legacy for releases from April 20, 2020 and earlier (v15 and earlier for Cloud Access Connector).

A cross-site scripting (xss) vulnerability has been identified in the Management Interface of the Cloud Access Connector and the Cloud Access Connector (Legacy) for releases from April 24, 2020 and earlier (v16 and earlier for the Cloud Access Connector).


Affected Products

  • Cloud Access Connector v15 and earlier (LFI)
  • Cloud Access Connector Legacy April 20, 2020 release and earlier (LFI)
  • Cloud Access Connector v16 and earlier (XSS)
  • Cloud Access Connector Legacy April 24, 2020 release and earlier (XSS)

Solutions and Mitigations

Available Updates

Update to the latest version of Cloud Access Connector.

Workarounds and Mitigation

If this is not possible at this time, you may block or restrict network connectivity to https://<fqdn or ip address of Cloud Access Connector>/CloudAccessManager/ to trusted networks only to reduce the scope of exposure.

Vulnerability Details

Acknowledgements

We would like to thank Michael Fowl and team at VDA Labs for finding and reporting these vulnerabilities.

CVE-2020-13175

The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 20, 2020 (v15 and earlier for Cloud Access Connector) contains a local file inclusion vulnerability which allows an unauthenticated remote attacker to leak LDAP credentials via a specially crafted HTTP request.

CVE-2020-13176

The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 24, 2020 (v16 and earlier for the Cloud Access Connector) contains a stored cross-site scripting (XSS) vulnerability which allows a remote unauthenticated attacker to poison log files with malicious JavaScript via the login page which is executed when an administrator views the logs within the application.

Remark

Vulnerability classification has been performed using the CVSSv3 scoring system. The CVSS environmental score is specific to each customer’s environment and should be defined by the customer to attain a final scoring.


Additional Resources


Revision History

11 Aug. 2020: Initial Publication


Legal Disclaimer

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. TERADICI RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.