CVE-2020-9497 – Apache / Guacamole – Information disclosure

Summary:

CVE-2020-9497 is an information disclosure vulnerability impacting Apache Guacamole versions 1.1.0 and earlier. A proof of concept (PoC) was not observed publicly or in the underground. However, a walk-through demo of an exploit was shared via YouTube. This vulnerability can be exploited in conjunction with CVE-2020-9498 to execute arbitrary code on the vulnerable system.

PoC Links (if available):

Apache Guacamole RCE –

Would you like some RCE with your Guacamole?

Known Counter Measures:

The vendor addressed the vulnerability in a security update, released as an updated version.

Links to patches (if available):

https://guacamole.apache.org/releases/