Management Console Reflected Cross Site Scripting

Advisory Information

  • Advisory ID: TERA-SA-000063
  • CVE Numbers and Scores:
  • Published: 11 Aug. 2020
  • Last Updated: 11 Aug. 2020
  • Download PDF

Summary

By exposing a Management Console user with an active session to a malicious Cross Site Scripting (XSS) payload, an attacker is able to take over the user / manipulate the MC under the context of the user.


Affected Products

  • Management Console prior to 20.07

Solutions and Mitigations

Available Updates

Update to Management Console 20.07 or later.

Workarounds and Mitigation

There are no workarounds at this time.

Vulnerability Details

CVE-2020-13183

Reflected Cross Site Scripting in Teradici PCoIP Management Console prior to 20.07 could allow an attacker to take over the user's active session if the user is exposed to a malicious payload.

Remark

Vulnerability classification has been performed using the CVSSv3 scoring system. The CVSS environmental score is specific to each customer’s environment and should be defined by the customer to attain a final scoring.


Additional Resources

  • https://docs.teradici.com/find/product/management-console

Revision History

11 Aug. 2020: Initial Publication


Legal Disclaimer

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. TERADICI RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.