CVE-2022-1805
HIGHTera2 PCoIP Zero Client Firmware < 22.01.5 - Improper Certificate Validation
Title source: llmDescription
When connecting to Amazon Workspaces, the SHA256 presented by AWS connection provisioner is not fully verified by Zero Clients. The issue could be exploited by an adversary that places a MITM (Man in the Middle) between a zero client and AWS session provisioner in the network. This issue is only applicable when connecting to an Amazon Workspace from a PCoIP Zero Client.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://support.hp.com/us-en/document/ish_6545906-6545930-16/hpsbhf03794
Scores
CVSS v3
8.1
EPSS
0.0052
EPSS Percentile
40.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-295
Status
published
Products (2)
teradici/tera2_pcoip_zero_client_firmware
22.04
teradici/tera2_pcoip_zero_client_firmware
< 22.01.5
Published
Jul 28, 2022
Tracked Since
Feb 18, 2026