CVE-2020-9498

Name of the Vulnerable Software and Affected Versions: Apache Guacamole versions 1.1.0 and older

Description: The issue is related to the mishandling of pointers involved in processing data received via RDP static virtual channels. If a user connects to a malicious or compromised RDP server, a series of specially-crafted PDUs could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process. This can be described as a buffer overflow operation in memory, which may allow an attacker to elevate their privileges and execute arbitrary code.

Recommendations: For Apache Guacamole versions 1.1.0 and older, consider updating to a newer version to mitigate the risk of exploitation. As a temporary workaround, restrict access to RDP static virtual channels to minimize the risk of memory corruption. Avoid connecting to untrusted or potentially compromised RDP servers until the issue is resolved.