Memory Corruption in Apache Guacamole RDP Handling
CVE-2020-9498

6.7MEDIUM

Key Information:

Vendor

Apache
Status
Apache Guacamole
Vendor
CVE Published:
2 July 2020

What is CVE-2020-9498?

Apache Guacamole versions 1.1.0 and earlier contain a vulnerability that arises from mishandling pointers when processing data from RDP static virtual channels. When a user connects to a compromised RDP server, carefully crafted PDUs (Protocol Data Units) may trigger memory corruption, potentially allowing an attacker to execute arbitrary code with the permissions of the guacd process. This scenario emphasizes the importance of ensuring secure server connections.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Apache Guacamole Apache Guacamole 1.1.0 and older

References

https://lists.apache.org/thread.html/rff824b38ebd2fddc726...
x_refsource_MISC
https://lists.apache.org/thread.html/r26fb170edebff842c74...
mailing-listx_refsource_MLIST
https://research.checkpoint.com/2020/apache-guacamole-rce/
x_refsource_MISC

CVSS V3.1

Score:
6.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.