1. Home
  2. CVE Database
  3. CVE-2022-1805
HIGH · 8.1

CVE-2022-1805

When connecting to Amazon Workspaces, the SHA256 presented by AWS connection provisioner is not fully verified by Zero Clients. The issue could be exploited by an adversary that places a MITM (Man in ...

Vulnerability Description

When connecting to Amazon Workspaces, the SHA256 presented by AWS connection provisioner is not fully verified by Zero Clients. The issue could be exploited by an adversary that places a MITM (Man in the Middle) between a zero client and AWS session provisioner in the network. This issue is only applicable when connecting to an Amazon Workspace from a PCoIP Zero Client.

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
TeradiciTera2 Pcoip Zero Client Firmware< 22.01.5
TeradiciTera2 Pcoip Zero Client-

Related Weaknesses (CWE)

CWE-295

References

FAQ

What is CVE-2022-1805?

CVE-2022-1805 is a vulnerability with a CVSS score of 8.1 (HIGH). When connecting to Amazon Workspaces, the SHA256 presented by AWS connection provisioner is not fully verified by Zero Clients. The issue could be exploited by an adversary that places a MITM (Man in ...

How severe is CVE-2022-1805?

CVE-2022-1805 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-1805?

Check the references section above for vendor advisories and patch information. Affected products include: Teradici Tera2 Pcoip Zero Client Firmware, Teradici Tera2 Pcoip Zero Client.