Apache Guacamole Vulnerabilities Facilitate Attacks on Enterprises

Remote code execution and information disclosure vulnerabilities addressed in Apache Guacamole can be highly useful to threat actors targeting enterprises, Check Point security researchers warn.

An open-source remote desktop gateway, Apache Guacamole is an HTML5 web application that can be used on a broad range of devices, straight from the web browser. One of the most prominent remote access tools on the market, it is also embedded in various network accessibility and security solutions.

Guacamole includes support for protocols such as VNC, RDP, and SSH, and allows employees to access corporate computers from remote locations using only the browser. The connection, however, goes through the guacamole-server, which handles communications between the user and the target computer.

While investigating the solution, Check Point’s researchers discovered vulnerabilities that could be exploited via a compromised machine within the enterprise’s environment to take over the gateway and control the communications.

Building on their earlier discovery of vulnerabilities in FreeRDP, the security researchers identified two issues in Apache Guacamole versions that do not incorporate the available FreeRDP patches. They also devised an attack chain that could essentially provide remote code execution.

Tracked as CVE-2020-9497 and CVE-2020-9498, the flaws are information disclosure (a collection of three bugs) and use-after-free issues, respectively.

By chaining the two vulnerabilities, Check Point’s researchers implemented a remote code execution (RCE) exploit: a malicious corporate computer acting as an RDP server can take control of the guacd process when a user requests a connection to that infected machine.

The researchers, who also published a video demonstrating the attack, were then able to escalate privileges (the guacd process runs with low privileges) to take over the entire gateway. In a real-life attack, that would eventually allow an adversary not only to eavesdrop on all of the connections in the gateway, but also to control the entire network.


“Using Apache Guacamole as our example target, we were able to successfully demonstrate how a compromised computer inside the organization can be used to take control of the gateway that handles all of the remote sessions into the network. Once in control of the gateway, an attacker can eavesdrop on all incoming sessions, record all the credentials used, and even start new sessions to control the rest of the computers within the organization,” Check Point notes.

The vulnerabilities were reported to Apache on March 31, silent patches were pushed in early May, and final patches were released on June 28, in Guacamole version 1.2.0.
Written by Ionut Arghire, an international correspondent for SecurityWeek.