Apache Guacamole 1.1.0 and older: Memory Disclosure Vulnerability via RDP Server

Apache Guacamole 1.1.0 and older: Memory Disclosure Vulnerability via RDP Server

CVE-2020-9497 · MEDIUM Severity

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

Apache Guacamole 1.1.0 and older do not properly validate datareceived from RDP servers via static virtual channels. If a userconnects to a malicious or compromised RDP server, specially-craftedPDUs could result in disclosure of information within the memory ofthe guacd process handling the connection.

Learn more about our Cis Benchmark Audit For Server Software.