MB connect line: Apache Guacamole related vulnerabilities in mbCONNECT24, mymbCONNECT24 <= 2.8.0

VDE-2021-031 (2021-07-22 13:34 UTC+0200)

Affected Vendors

MB connect line

Affected Products

mbCONNECT24, mymbCONNECT24 <= 2.8.0

Summary

Two vulnerabilities in mbCONNECT24 and mymbCONNECT24 can lead to information disclosure and arbitrary code execution.

Please see next section "Impact" for details".

Impact

CVE-2020-9497
CVSS: 4.4 (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N)
CWE: Information Leak / Disclosure (CWE - 200)

Apache Guacamole 1.1.0 and older do not properly validate data received from RDP servers via static virtual channels. If a user connects to a malicious or compromised RDP server, specially-crafted PDUs could result in disclosure of information within the memory of the guacd process handling the connection.

CVE-2020-9498
CVSS: 6.7 (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H)
CWE:
Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119)

Apache Guacamole 1.1.0 and older may mishandle pointers involved in processing data received via RDP static virtual channels. If a user connects to a malicious or compromised RDP server, a series of specially- crafted PDUs could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process.

Solution

Update to 2.9.0

Reported by

MB connect line reported this vulnerability to CERT@VDE.