Guacamole Open Source Remote Administrative Protocol Session Hijacking

Two CVE’s (2020-9497 and 2020-9498) have been announced in the Apache Guacamole service. Successful exploitation of these vulnerabilities would allow an attacker to hijack a session on the host device or steal credentials.

These vulnerabilities have been highlighted in version 1.1.0 of Guacamole. This version of the software should be updated to the latest version at the time of writing this is version 1.2.0.

If this is not possible the protocol should be removed until a fix is released.

This vulnerability is still waiting for confirmation by the NVD and this post may be updates as new information is available.

Source: The Register

Risk Crew

Next Webinar: Holistic Security Testing in the New Threat Landscape »

Previous « How to Maintain ISO 27001 Remotely

Published by

Risk Crew

Tags: July2020

5 years ago

ISO 42001: Key Insights You Need to Know

Introducing ISO 42001 – the world’s first international management system standard focused specifically on AI.…

3 months ago

ISO 27001 Requirements | Your Roadmap to Compliance

Article

ISO 27001 Requirements | Your Roadmap to Compliance

Data breaches and cyberattacks have become daily concerns for information security professionals and business leaders.…

3 months ago

GRC resources

DORA | DISCOVERY SESSION

4 months ago

Blog

DORA Compliance Checklist | GUIDE

4 months ago

Essential Red Team KPIs & Metrics | GUIDE

Security Testing resources

Essential Red Team KPIs & Metrics | GUIDE

5 months ago

Blog

How to Get Ready for a Penetration Test

It is an undeniable fact that all applications and infrastructures are essentially in need of…