VDE-2021-031
Vulnerability from csaf_mbconnectlinegmbh - Published: 2021-07-22 11:33 - Updated: 2025-05-14 12:28Summary
MB connect line: Apache Guacamole related vulnerabilities in mbCONNECT24
Notes
Summary: Two vulnerabilities in mbCONNECT24 and mymbCONNECT24 can lead to information disclosure and arbitrary code execution.
Please consult the CVE entries for details.
Remediation: Update to 2.9.0
Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a userconnects to a malicious or compromised RDP server, a series ofspecially-crafted PDUs could result in memory corruption, possiblyallowing arbitrary code to be executed with the privileges of therunning guacd process.
6.7 (Medium)
Vendor Fix
Update to 3.9R0.5
Apache Guacamole 1.1.0 and older do not properly validate datareceived from RDP servers via static virtual channels. If a userconnects to a malicious or compromised RDP server, specially-craftedPDUs could result in disclosure of information within the memory ofthe guacd process handling the connection.
4.4 (Medium)
Vendor Fix
Update to 3.9R0.5
References
Acknowledgments
CERT@VDE
certvde.com
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "summary",
"text": "Two vulnerabilities in mbCONNECT24 and mymbCONNECT24 can lead to information disclosure and arbitrary code execution.\n\nPlease consult the CVE entries for details.",
"title": "Summary"
},
{
"category": "description",
"text": "Update to 2.9.0",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "security-team@mbconnectline.de",
"name": "MB connect line GmbH",
"namespace": "https://mbconnectline.com"
},
"references": [
{
"category": "external",
"summary": "MB connect line advisory overview at CERT@VDE",
"url": "https://certvde.com/en/advisories/vendor/mbconnectline/"
},
{
"category": "self",
"summary": "VDE-2021-031: MB connect line: Apache Guacamole related vulnerabilities in mbCONNECT24 - HTML",
"url": "https://certvde.com/en/advisories/VDE-2021-031"
},
{
"category": "self",
"summary": "VDE-2021-031: MB connect line: Apache Guacamole related vulnerabilities in mbCONNECT24 - CSAF",
"url": "https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2021/vde-2021-031.json"
}
],
"title": "MB connect line: Apache Guacamole related vulnerabilities in mbCONNECT24",
"tracking": {
"aliases": [
"VDE-2021-031"
],
"current_release_date": "2025-05-14T12:28:19.000Z",
"generator": {
"date": "2025-01-27T09:53:05.468Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.17"
}
},
"id": "VDE-2021-031",
"initial_release_date": "2021-07-22T11:33:00.000Z",
"revision_history": [
{
"date": "2021-07-22T11:35:00.000Z",
"number": "1",
"summary": "Initial revision."
},
{
"date": "2025-05-14T12:28:19.000Z",
"number": "2",
"summary": "Fix: version space, added distribution"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=2.8.0",
"product": {
"name": "mbCONNECT24 \u003c=2.8.0",
"product_id": "CSAFPID-51001"
}
},
{
"category": "product_version",
"name": "2.9.0",
"product": {
"name": "mbCONNECT24 2.9.0",
"product_id": "CSAFPID-52001"
}
}
],
"category": "product_name",
"name": "mbCONNECT24"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=2.8.0",
"product": {
"name": "mymbCONNECT24 \u003c=2.8.0",
"product_id": "CSAFPID-51002"
}
},
{
"category": "product_version",
"name": "2.9.0",
"product": {
"name": "mymbCONNECT24 2.9.0",
"product_id": "CSAFPID-52002"
}
}
],
"category": "product_name",
"name": "mymbCONNECT24"
}
],
"category": "product_family",
"name": "Software"
}
],
"category": "vendor",
"name": "MB connect line"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-51001",
"CSAFPID-51002"
],
"summary": "Affected Products"
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-52001",
"CSAFPID-52002"
],
"summary": "Fixed Products"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-9498",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a userconnects to a malicious or compromised RDP server, a series ofspecially-crafted PDUs could result in memory corruption, possiblyallowing arbitrary code to be executed with the privileges of therunning guacd process.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001",
"CSAFPID-52002"
],
"known_affected": [
"CSAFPID-51001",
"CSAFPID-51002"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to 3.9R0.5",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 6.7,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 6.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001",
"CSAFPID-51002"
]
}
],
"title": "CVE-2020-9498"
},
{
"cve": "CVE-2020-9497",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "description",
"text": "Apache Guacamole 1.1.0 and older do not properly validate datareceived from RDP servers via static virtual channels. If a userconnects to a malicious or compromised RDP server, specially-craftedPDUs could result in disclosure of information within the memory ofthe guacd process handling the connection.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001",
"CSAFPID-52002"
],
"known_affected": [
"CSAFPID-51001",
"CSAFPID-51002"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to 3.9R0.5",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 4.4,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 4.4,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-51001",
"CSAFPID-51002"
]
}
],
"title": "CVE-2020-9497"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…