VDE-2021-031 | CERT@VDE

2021-07-22 13:33 (CEST) VDE-2021-031

MB connect line: Apache Guacamole related vulnerabilities in mbCONNECT24, mymbCONNECT24 <= 2.8.0

Share: Email | Twitter

ID

VDE-2021-031

Published

2021-07-22 13:33 (CEST)

Last update

2021-07-22 13:33 (CEST)

Vendor(s)

MB connect line GmbH

Product(s)

Article No°	Product Name	Affected Version(s)
	mbCONNECT24	<= 2.8.0
	mymbCONNECT24	<= 2.8.0

Summary

Two vulnerabilities in mbCONNECT24 and mymbCONNECT24 can lead to information disclosure and arbitrary code execution.

Please consult the CVE entries for details.

Vulnerabilities

CVE-2020-9498

6.7

Severity

6.7 (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H)

Weakness

Out-of-bounds Write (CWE-787)

Summary

Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a userconnects to a malicious or compromised RDP server, a series ofspecially-crafted ...

Source

nvd.nist.gov

CVE-2020-9497

4.4

Severity

4.4 (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N)

Weakness

Improper Input Validation (CWE-20)

Summary

Apache Guacamole 1.1.0 and older do not properly validate datareceived from RDP servers via static virtual channels. If a userconnects to a malicious or compromised RDP server, specially-craftedPDUs could result ...

Source

nvd.nist.gov

Solution

Update to 2.9.0

Reported by

MB connect line reported this vulnerability to CERT@VDE.