CVE-2020-9498

6.7MEDIUM

Key Information:

Vendor: Apache
Status: Apache Guacamole
Vendor: CVE Published:; 2 July 2020

Summary

Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a userconnects to a malicious or compromised RDP server, a series ofspecially-crafted PDUs could result in memory corruption, possiblyallowing arbitrary code to be executed with the privileges of therunning guacd process.

Affected Version(s)

Apache Guacamole Apache Guacamole 1.1.0 and older

References

https://lists.apache.org/thread.html/rff824b38ebd2fddc726...

x_refsource_MISC

https://lists.apache.org/thread.html/r26fb170edebff842c74...

mailing-listx_refsource_MLIST

https://research.checkpoint.com/2020/apache-guacamole-rce/

x_refsource_MISC

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 2, 2020
Vulnerability Reserved
Mar 1, 2020

.