CVE-2020-9497

4.4MEDIUM

Key Information:

Vendor: Apache
Status: Apache Guacamole
Vendor: CVE Published:; 2 July 2020

Summary

Apache Guacamole 1.1.0 and older do not properly validate datareceived from RDP servers via static virtual channels. If a userconnects to a malicious or compromised RDP server, specially-craftedPDUs could result in disclosure of information within the memory ofthe guacd process handling the connection.

Affected Version(s)

Apache Guacamole Apache Guacamole 1.1.0 and older

References

https://lists.apache.org/thread.html/r65f75d3d65d1af68141...

x_refsource_MISC

https://lists.apache.org/thread.html/r3f071de70ea1facd360...

mailing-listx_refsource_MLIST

https://lists.apache.org/thread.html/r066543f0565e97b27c0...

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 2, 2020
Vulnerability Reserved
Mar 1, 2020

.