CVE-2020-9497 – Apache / Guacamole – Information disclosure
Summary:
CVE-2020-9497 is an information disclosure vulnerability impacting Apache Guacamole versions 1.1.0 and earlier. A proof of concept (PoC) was not observed publicly or in the underground. However, a walk-through demo of an exploit was shared via YouTube. This vulnerability can be exploited in conjunction with CVE-2020-9498 to execute arbitrary code on the vulnerable system.
PoC Links (if available):
Apache Guacamole RCE –
Known Counter Measures:
The vendor addressed the vulnerability in a security update, delivered as an updated version.
Links to patches (if available):
https://guacamole.apache.org/releases/