CVE-2020-9497 – Apache / Guacamole – Information disclosure

Click the icon to Follow me:- twitterTelegramRedditDiscord

Summary:

CVE-2020-9497 is an information disclosure vulnerability impacting Apache Guacamole versions 1.1.0 and earlier. A proof of concept (PoC) was not observed publicly or in the underground. However, a walk-through demo of an exploit was shared via YouTube. This vulnerability can be exploited in conjunction with CVE-2020-9498 to execute arbitrary code on the vulnerable system.

PoC Links(if available):

Apache Guacamole RCE –
https://research.checkpoint.com/2020/apache-guacamole-rce/

Known Counter Measures:

The vendor addressed the vulnerability in a security update with updated version.

Links to patches(if available)

https://guacamole.apache.org/releases/

Available for Amazon Prime