CVE-2020-13175
📋 TL;DR
This vulnerability allows unauthenticated remote attackers to read LDAP credentials via local file inclusion in the Management Interface of Teradici Cloud Access Connector. Attackers can send specially crafted HTTP requests to leak sensitive authentication data. Organizations using affected versions of Teradici Cloud Access Connector or Cloud Access Connector Legacy are at risk.
💻 Affected Systems
- Teradici Cloud Access Connector
- Teradici Cloud Access Connector Legacy
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain LDAP credentials, potentially compromising domain authentication systems and enabling lateral movement across the network.
Likely Case
LDAP credential theft leading to unauthorized access to network resources and potential privilege escalation.
If Mitigated
Limited to credential exposure without further exploitation if strong network segmentation and monitoring are in place.
🎯 Exploit Status
Exploitation requires crafting HTTP requests but does not require authentication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Versions released on or after April 20, 2020
Vendor Advisory: https://advisory.teradici.com/security-advisories/59/
Restart Required: Yes
Instructions:
1. Download the latest version from the Teradici portal.
2. Back up the current configuration.
3. Install the update following vendor documentation.
4. Restart services.
5. Verify functionality.
🔧 Temporary Workarounds
Network Segmentation
Restrict access to the Management Interface to trusted IPs only
Configure firewall rules to allow only specific source IPs to Management Interface port
Disable Management Interface
Temporarily disable the Management Interface if not required
Consult Teradici documentation for service disable commands
🧯 If You Can't Patch
- Implement strict network access controls to limit Management Interface exposure
- Monitor for suspicious HTTP requests to Management Interface endpoints
🔍 How to Verify
Check if Vulnerable:
Check version number in Teradici Cloud Access Connector admin interface or configuration files
Check Version:
Check Teradici admin console or configuration files for version information
Verify Fix Applied:
Confirm the installed version was released on or after April 20, 2020, and test Management Interface functionality
📡 Detection & Monitoring
Log Indicators:
- Unusual HTTP requests to Management Interface
- Multiple failed authentication attempts following credential exposure
Network Indicators:
- HTTP requests with unusual parameters to Management Interface endpoints
- External IPs accessing Management Interface
SIEM Query:
source="teradici_logs" AND (http_uri CONTAINS "management" OR http_uri CONTAINS "admin") AND http_method="GET" AND http_status=200
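The network indicators above (unusual parameters, external source IPs) can be checked offline against exported access logs. The following is an added example, not vendor or page code: the log layout, the `/management/...` paths, the parameter names and the trusted range are all constructed assumptions, not the product's real endpoints.

```python
import ipaddress
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumed common-log-format layout; adjust the regex to the logs you actually export.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
# Generic signs that a parameter value names a file path rather than ordinary data.
PATH_HINT = re.compile(r'(\.\.[/\\]|^/|^[a-zA-Z]:[/\\]|^file:)', re.IGNORECASE)

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so double-encoded values are still inspected."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_requests(lines, trusted_nets):
    """Return (source_ip, status, reasons) for each log line worth reviewing."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable lines are skipped here; count them in production
        reasons = []
        src = ipaddress.ip_address(m["ip"])
        if not any(src in n for n in nets):
            reasons.append("untrusted-source")
        for name, value in parse_qsl(urlsplit(m["target"]).query, keep_blank_values=True):
            if PATH_HINT.search(fully_decode(value)):
                reasons.append(f"path-like-param:{name}")
        if reasons:
            findings.append((m["ip"], m["status"], reasons))
    return findings

# Constructed sample lines (hypothetical paths and parameters).
SAMPLE = [
    '10.0.5.20 - - [21/Apr/2020:10:00:01 +0000] "GET /management/status?view=summary HTTP/1.1" 200 512',
    '203.0.113.7 - - [21/Apr/2020:10:00:05 +0000] "GET /management/report?name=%252e%252e%252fconf%252fexample.cfg HTTP/1.1" 200 2048',
    '10.0.5.21 - - [21/Apr/2020:10:00:09 +0000] "GET /management/report?name=/opt/example/settings.cfg HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for finding in flag_requests(SAMPLE, ["10.0.5.0/24"]):
        print(finding)
```

A flagged request that returned status 200 is the case to prioritise, and any LDAP service account configured on that connector should then be treated as exposed and rotated.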