PT-2020-20701 · Apache · Apache Guacamole
Eyal Itkin · Published 2020-07-02 · Updated 2024-03-06
CVE-2020-9497
CVSS v3.1: 4.4 (Medium)
Vector: AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Apache Guacamole versions 1.1.0 and older
Description
The issue arises from improper validation of data received from RDP servers via static virtual channels. If a user connects to a malicious or compromised RDP server, specially-crafted PDUs could result in disclosure of information within the memory of the guacd process handling the connection.
Recommendations
For Apache Guacamole versions 1.1.0 and older, consider updating to a version that properly validates data from RDP servers to prevent potential information disclosure. As a temporary workaround, restrict connections to trusted RDP servers to minimize the risk of exploitation.
Fix
RCE
Weakness Enumeration
Related Identifiers
Affected Products
Apache Guacamole