Apache Guacamole 1.1.0 and older: Memory Disclosure Vulnerability via RDP Server
CVE-2020-9497 · MEDIUM Severity
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
Apache Guacamole 1.1.0 and older do not properly validate datareceived from RDP servers via static virtual channels. If a userconnects to a malicious or compromised RDP server, specially-craftedPDUs could result in disclosure of information within the memory ofthe guacd process handling the connection.
Learn more about our Cis Benchmark Audit For Server Software.