
HP has issued a security alert regarding new significant security flaws in the Teradici PCoIP client and agent for Windows, Linux, and macOS, which affect 15 million endpoints.

According to the computer and software company, Teradici is affected by the recently disclosed OpenSSL certificate parsing bug, which sends the parser into an infinite loop and causes a denial of service, as well as by several integer overflow vulnerabilities in Expat.

Teradici PCoIP (PC over IP) is a proprietary remote desktop technology licensed to several virtualization product providers. HP bought it in 2021 and incorporated it into some of its own products.

The ubiquity of Teradici

Teradici PCoIP solutions are used by government entities, military units, game development studios, broadcast businesses, journalism organizations, and other groups, according to the company’s website.

In two advisories (1, 2), HP has reported 10 vulnerabilities, three of which are classified as critical (CVSS v3 score: 9.8), eight as high-severity, and one as medium.

CVE-2022-0778, a denial-of-service flaw in OpenSSL triggered by parsing a maliciously crafted certificate, is one of the most severe flaws patched this time.

The issue only causes the program to become unresponsive, but given the product's use in mission-critical applications, such an attack would be incredibly detrimental.

Update now

In the event of an attack, users would no longer be able to access machines remotely. CVE-2022-22822, CVE-2022-22823, and CVE-2022-22824, all integer overflow and incorrect shift flaws in libexpat, might result in uncontrolled resource consumption, privilege escalation, and remote code execution.

The remaining five high-severity problems are CVE-2021-45960, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827, and CVE-2021-46143, which are all integer overflow flaws. The products affected include Standard Agent for Windows, Linux, and macOS, the PCoIP client, Graphics Agent, and client SDK.

Users are encouraged to update to version 22.01.3 or later, which uses OpenSSL 1.1.1n and libexpat 2.4.7, to resolve all problems.
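An inventory check against the fixed versions named above, added here as an example and not HP or Teradici tooling. The record layout, host names and version values in `INVENTORY` are constructed; OpenSSL builds outside the 1.1.1 branch are flagged for manual review rather than compared, because letter suffixes only order releases within one branch.

```python
import re

# Fixed versions as stated in the article.
FIXED = {"pcoip": "22.01.3", "openssl": "1.1.1n", "libexpat": "2.4.7"}

# Constructed sample inventory (hypothetical hosts and versions).
INVENTORY = [
    {"host": "ws-01", "pcoip": "22.01.3", "openssl": "1.1.1n", "libexpat": "2.4.7"},
    {"host": "ws-02", "pcoip": "21.07.4", "openssl": "1.1.1l", "libexpat": "2.4.1"},
    {"host": "ws-03", "pcoip": "22.04.0", "openssl": "3.0.1", "libexpat": "2.4.8"},
]

_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)([a-z]*)$")


def version_key(version):
    """Turn '22.01.3' or '1.1.1n' into a sortable (numbers, suffix_len, suffix) tuple.

    OpenSSL 1.x marks patch releases with a letter suffix (1.1.1m < 1.1.1n,
    and 'z' is followed by 'za'), so suffix length is compared before letters.
    """
    match = _VERSION_RE.match(version.strip().lower())
    if not match:
        raise ValueError(f"unrecognised version string: {version!r}")
    numbers = tuple(int(part) for part in match.group(1).split("."))
    suffix = match.group(2)
    return numbers, len(suffix), suffix


def audit(record):
    """List the components of one inventory record that still need attention."""
    findings = []
    for component, fixed in FIXED.items():
        found = record.get(component)
        if not found:
            findings.append(f"{component}: version unknown")
            continue
        have, want = version_key(found), version_key(fixed)
        if want[2] and have[0] != want[0]:
            branch = ".".join(str(n) for n in want[0])
            findings.append(f"{component}: {found} is not on the {branch} branch, review manually")
        elif have < want:
            findings.append(f"{component}: {found} is below {fixed}")
    return findings


if __name__ == "__main__":
    for rec in INVENTORY:
        print(rec["host"], audit(rec) or "ok")
```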