Reset Search
 

 

Article

SA40166 - Remote desktop protocol (RDP) client restriction bypass issue

« Go Back

Information

 
Product AffectedThis issue impacts PCS software version 8.1R7 and 8.2R1 only, as no other PCS release version are impacted.
Problem
A security issue was discovered in the PCS Terminal Services Remote Desktop Protocol (RDP) client session restrictions feature. By exploiting this issue a malicious authenticated user could bypass security controls applied against their terminal services session. This issue is only exploitable by users who have a valid authenticated session to the PCS device as well as authenticating to the backend terminal services server.
Solution
This issue has been resolved in PCS 8.1R8 and 8.2R1.1, and later.
Workaround
To resolve this issue you must update to a release that contains the fix. There are no workarounds for this issue.
Implementation
Related Links
CVSS Score3.0 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/)
Risk Assessment
Acknowledgements
Alert TypeSA - Security Advisory
Risk LevelLow
Attachment 1 
Attachment 2 
Legacy ID

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255