{"containers": {"cna": {"affected": [{"product": "Tera2 Zero Client", "vendor": "n/a", "versions": [{"status": "affected", "version": "Firmware version 22.04 and earlier"}]}], "descriptions": [{"lang": "en", "value": "When connecting to Amazon Workspaces, the SHA256 presented by AWS connection provisioner is not fully verified by Zero Clients. The issue could be exploited by an adversary that places a MITM (Man in the Middle) between a zero client and AWS session provisioner in the network. This issue is only applicable when connecting to an Amazon Workspace from a PCoIP Zero Client."}], "problemTypes": [{"descriptions": [{"description": "Man in the Middle Attack", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-07-28T14:21:09", "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "shortName": "hp"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.hp.com/us-en/document/ish_6545906-6545930-16/hpsbhf03794"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "hp-security-alert@hp.com", "ID": "CVE-2022-1805", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Tera2 Zero Client", "version": {"version_data": [{"version_value": "Firmware version 22.04 and earlier"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "When connecting to Amazon Workspaces, the SHA256 presented by AWS connection provisioner is not fully verified by Zero Clients. The issue could be exploited by an adversary that places a MITM (Man in the Middle) between a zero client and AWS session provisioner in the network. This issue is only applicable when connecting to an Amazon Workspace from a PCoIP Zero Client."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Man in the Middle Attack"}]}]}, "references": {"reference_data": [{"name": "https://support.hp.com/us-en/document/ish_6545906-6545930-16/hpsbhf03794", "refsource": "MISC", "url": "https://support.hp.com/us-en/document/ish_6545906-6545930-16/hpsbhf03794"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:16:59.963Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.hp.com/us-en/document/ish_6545906-6545930-16/hpsbhf03794"}]}]}, "cveMetadata": {"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "assignerShortName": "hp", "cveId": "CVE-2022-1805", "datePublished": "2022-07-28T14:21:09", "dateReserved": "2022-05-20T00:00:00", "dateUpdated": "2024-08-03T00:16:59.963Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:teradici:tera2_pcoip_zero_client_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1BDC5949-06FB-493B-BA9C-CA37BC611F28", "versionEndExcluding": "22.01.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:teradici:tera2_pcoip_zero_client_firmware:22.04:*:*:*:*:*:*:*", "matchCriteriaId": "652204B8-1CF6-4A8B-8D29-EACFA05BA212", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:teradici:tera2_pcoip_zero_client:-:*:*:*:*:*:*:*", "matchCriteriaId": "91376750-D525-48A7-B775-6DFB7953C05D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "When connecting to Amazon Workspaces, the SHA256 presented by AWS connection provisioner is not fully verified by Zero Clients. The issue could be exploited by an adversary that places a MITM (Man in the Middle) between a zero client and AWS session provisioner in the network. This issue is only applicable when connecting to an Amazon Workspace from a PCoIP Zero Client."}, {"lang": "es", "value": "Cuando es conectado a Amazon Workspaces, el SHA256 presentado por el aprovisionador de conexiones de AWS no es verificado completamente por Zero Clients. El problema podr\u00eda ser explotado por un adversario que coloque un MITM (Man in the Middle) entre un cliente cero y el aprovisionador de sesiones de AWS en la red. Este problema s\u00f3lo es aplicable cuando es conectado a un espacio de trabajo de Amazon desde un cliente cero PCoIP"}], "id": "CVE-2022-1805", "lastModified": "2024-11-21T06:41:30.410", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-07-28T15:15:07.553", "references": [{"source": "hp-security-alert@hp.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://support.hp.com/us-en/document/ish_6545906-6545930-16/hpsbhf03794"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://support.hp.com/us-en/document/ish_6545906-6545930-16/hpsbhf03794"}], "sourceIdentifier": "hp-security-alert@hp.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}