Millions of endpoints affected by HP Teradici PCoIP vulnerabilities

Fifteen million endpoints, including those supporting government agencies, news organizations, and military operations, leveraging the HP Teradici PCoIP client and agent product for Windows, macOS, and Linux are affected by critical security flaws, according to BleepingComputer. HP has noted 10 vulnerabilities impacting Teradici PCoIP products, including the PCoIP client, Graphics Agent, client SDK, and Standard Agent for Windows, Linux, and macOS, three of which are critical. All of the critical flaws, tracked as CVE-2022-22822, CVE-2022-22823, and CVE-2022-22824, involve integer overflow and invalid libexpat shift problems, which could be exploited to facilitate privilege escalation, uncontrollable resource consumption, and remote code execution. Integer overflow issues were also reported in five other high-severity bugs, tracked as CVE-2021-45960, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827, and CVE-2021-46143. HP has also addressed an OpenSSL denial-of-service vulnerability, tracked as CVE-2022-0778. Threat actors could exploit the OpenSSL flaw to prompt software loops and remove the capability for remote device access. HP's warning about the OpenSSL flaw comes after similar disclosures from QNAP and Palo Alto Networks.