Home » NCS Products » Categories » Zero & Thin Clients » Security Advisory » Security Advisory 062001-02

Security Advisory 062001-02

0

For PCoIP Zero Clients and Remote Workstation Cards

Issue Summary

A set of serious security vulnerabilities has been discovered in Teradici PCoIP Zero Client and Remote Workstation Card Firmware 20.01.1 (released in January 2020) and earlier.

Download NCS Security Advisory (PDF)

Affected NCS Products

Mobile Zero Clients

Cirrus LT and Cirrus LT Plus

Desktop Zero Clients

Cirrus DT WiFi, Cirrus DT 5220, Cirrus DT TZ-202L, & Cirrus DT TZ-204L

Remote Workstation Cards

Teradici 2-Port and 4-Port Remote Workstation Cards


The above listed NCS products are only affected when installed with Firmware 20.01.1 and earlier. The earlier versions include but may not be limited to:

Zero Client Firmware Versions: 20.01.1; 20.01.0; 6.X.Y; 5.X.Y; 4.X.Y
Remote Workstation Card Firmware Versions: 20.01.1; 20.01.0; 5.X.Y; 4.X.Y

(X & Y can be numeric values between 0 and 9)

Vulnerability Details

To determine the level of exposure NCS customers should review the list of CVE IDs below:

CVE-2020-11896; CVE-2020-11898; CVE-2020-11900; CVE-2020-11901; CVE-2020-11902; CVE-2020-11904; CVE-2020-11905; CVE-2020-11906; CVE-2020-11907; CVE-2020-11909; CVE-2020-11910; CVE-2020-11911; CVE-2020-11912; CVE-2020-11913; CVE-2020-11914
(Each CVE ID link above refers to NIST site providing more details about the CVE.)

Available Fix

There are three options to get the fix for security vulnerabilities.

Option 1

Register your PCoIP Zero Clients if you purchased them within the last year and receive one year of updates for free.

Option 2

Purchase All Access licenses to update to Firmware 20.01.3 / 20.04.1 or later by contacting your NCS Sales Representative.

Option 3

Use the complimentary Zero Client Firmware 17.05 or Remote Workstation Card Firmware 17.05 now available through December 31, 2020.
Note: Firmware 17.05 is the last complimentary release that Teradici offers and there would only be an update for 17.05 if there is a critical security vulnerability.

Suggested Action

Upgrade the Zero Client and Remote Workstation Card Firmware to the recommended firmware revision as soon as possible.

Request Information About the Teradici Security Advisory

Please contact your NCS Sales Representative if you require more specific information about this issue.


Or Fill Out this Form:

Thank you for your interest in the NCS Teradici security advisory. Please fill out the form below and a member of the NCS team will respond to your request!

1