#VU29481 Input validation error in Guacamole - CVE-2020-9497

Cybersecurity Help s.r.o.

Published: 2020-07-02 | Updated: 2020-07-15

Vulnerability identifier: #VU29481

Vulnerability risk: Medium

CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2020-9497

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
Guacamole
Server applications / Remote management servers, RDP, SSH

Vendor: Apache Foundation

Description

The vulnerability allows a remote attacker to gain access to sensitive information on the system.

The vulnerability exists due to insufficient validation of user-supplied input of RDP static virtual channels. A remote attacker can use a specially crafted PDUs to disclose sensitive information within the memory of the guacd process handling the connection.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Guacamole: 0.8.3 - 1.1.0

External links
https://seclists.org/oss-sec/2020/q3/2

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

Latest bulletins with this vulnerability

Fedora 33 update for guacamole-server

Fedora EPEL 7 update for guacamole-server

Fedora 32 update for guacamole-server

Usage of vulnerable Apache Guacamole in Pulse Connect Secure

Multiple vulnerabilities in Apache Guacamole