ID:3058 - Exploit for Input validation error in Guacamole - CVE-2020-9497

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Exploits ID:3058 - Exploit for Input validation error in Guacamole - CVE-2020-9497

ID:3058 - Exploit for Input validation error in Guacamole - CVE-2020-9497

Published: July 6, 2020


Vulnerability identifier: #VU29481
Vulnerability risk: Medium
CVE-ID: CVE-2020-9497
CWE-ID: CWE-20
Exploitation vector: Remote access
Vulnerable software:
Guacamole

Link to public exploit:


Vulnerability description

The vulnerability allows a remote attacker to gain access to sensitive information on the system.

The vulnerability exists due to insufficient validation of user-supplied input of RDP static virtual channels. A remote attacker can use a specially crafted PDUs to disclose sensitive information within the memory of the guacd process handling the connection.  


Remediation

Install updates from vendor's website.