Share: Email | Twitter

ID

VDE-2021-031

Published

2021-07-22 13:33 (CEST)

Last update

2021-07-22 13:33 (CEST)

Vendor(s)

MB connect line GmbH

Product(s)

Article No┬░ Product Name Affected Version(s)
mbCONNECT24 <= 2.8.0
mymbCONNECT24 <= 2.8.0

Summary

Two vulnerabilities in mbCONNECT24 and mymbCONNECT24 can lead to information disclosure and arbitrary code execution.

Please consult the CVE entries for details.

Vulnerabilities



Weakness
Out-of-bounds Write (CWE-787)
Summary

Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a userconnects to a malicious or compromised RDP server, a series ofspecially-crafted ...

Weakness
Improper Input Validation (CWE-20)
Summary

Apache Guacamole 1.1.0 and older do not properly validate datareceived from RDP servers via static virtual channels. If a userconnects to a malicious or compromised RDP server, specially-craftedPDUs could result ...

Solution

Update to 2.9.0

Reported by

MB connect line reported this vulnerability to CERT@VDE.