IP stack vulnerabilities in Tera2 Zero Client and Remote Workstation Card firmware

Advisory Information

  • Advisory ID: TERA-SA-000071
  • Published: 9 Feb. 2021
  • Last Updated: 9 Feb. 2021
  • Download PDF

Summary

Multiple vulnerabilities have been discovered in the Treck IP stack used in the Tera2 Zero Client and Remote Workstation Card firmware.


Affected Products

  • Tera2 Zero Client firmware 20.07.3 and earlier
  • Tera2 Zero Client firmware 20.04.4 and earlier
  • Tera2 Zero Client firmware 17.05.2 and earlier
  • Tera2 Remote Workstation Card 20.01.1 and earlier
  • Tera2 Remote Workstation Card 20.04.4 and earlier
  • Tera2 Remote Workstation Card 17.05.2 and earlier

Solutions and Mitigations

Available Updates

Download the latest Zero Client Firmware

Download the latest Remote Workstation Card Firmware

Workarounds and Mitigation

There are no workarounds that address this vulnerability. To mitigate the vulnerabilities, update to one of the versions of Zero Client firmware or Remote Workstation Card listed above.

Vulnerability Details

CVE-2020-25066

View the full description on the MITRE website.

CVE-2020-27337

View the full description on the MITRE website.

CVE-2020-27338

View the full description on the MITRE website.

CVE-2020-11904

View the full description on the MITRE website.

CVE-2020-27336

View the full description on the MITRE website.

Remark

Vulnerability classification has been performed using the CVSSv3 scoring system. The CVSS environmental score is specific to each customer’s environment and should be defined by the customer to attain a final scoring.


Additional Resources

  • https://docs.teradici.com/find/product/zero-clients
  • https://docs.teradici.com/find/product/remote-workstation-card

Revision History

9 Feb. 2021: Initial Publication


Legal Disclaimer

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. TERADICI RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.