Vulnerabilities in Apache Guacamole (CVE-2020-9497 and CVE-2020-9498)

Published on 04 Jul 2020

Updated on 04 Jul 2020

Apache has released security updates to address two vulnerabilities (CVE-2020-9497 and CVE-2020-9498) in Apache Guacamole, a clientless remote desktop gateway.

Successful exploitation of the vulnerabilities could allow attackers on the same network to intercept traffic and take control of all sessions that are connected, allowing attackers to execute arbitrary code remotely.

The vulnerabilities affect Apache Guacamole versions 1.1.0 and older.

Administrators and users of the affected versions are advised to update their application immediately.

More information is available at:
https://guacamole.apache.org/security/
https://research.checkpoint.com/2020/apache-guacamole-rce/