Teradici Zero Client Firmware and Remote Workstation Hostcard Firmware crashes from unsupported TLS alerts

Advisory Information

  • Advisory ID: TERA-SA-000067
  • CVE Numbers and Scores:
  • Published: 9 Feb. 2021
  • Last Updated: 9 Feb. 2021
  • Download PDF

Summary

Triggering an unsupported TLS alert can cause the SSL module in Teradici Zero Client firmware and Teradici Remote Workstation Hostcard firmware to crash, resulting in a denial of service.


Affected Products

  • Zero Client Firmware 17.05.3 and older
  • Zero Client Firmware 20.04.4 and older
  • Zero Client Firmware 20.07.3 and older
  • Remote Workstation Hostcard Firmware 17.05.3 and older
  • Remote Workstation Hostcard Firmware 20.04.4 and older
  • Remote Workstation Hostcard Firmware 20.07.3 and older

Solutions and Mitigations

Available Updates

Vulnerability Details

CVE-2020-13184

The SSL module in Teradici Zero Client Firmware and Teradici Remote Workstation Hostcard Firmware before 20.07.3, 20.04.5 and 17.05.4 may crash when unsupported TLS alerts are triggered, allowing an attacker to create a denial of service.

Remark

Vulnerability classification has been performed using the CVSSv3 scoring system. The CVSS environmental score is specific to each customer’s environment and should be defined by the customer to attain a final scoring.


Additional Resources

  • https://docs.teradici.com/find/product/zero-clients
  • https://docs.teradici.com/find/product/remote-workstation-card

Revision History

9 Feb. 2021: Initial Publication


Legal Disclaimer

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. TERADICI RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.