CVE-2024-35164

· Published 02/07/2025 12:15 · Modified 03/07/2025 15:13

Labels: CVE-2024-35164, 2025-07-02, CWE-129, [email protected]

Essential information

Published: 02/07/2025 12:15
Modified: 03/07/2025 15:13
Author:
Creator:
CVSS: 6.8 MEDIUM (v3.1)
CISA KEV: No
CWE:
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Description

The terminal emulator of Apache Guacamole 1.5.5 and older does not properly validate console codes received from servers via text-based protocols like SSH. If a malicious user has access to a text-based connection, a specially-crafted sequence of console codes could allow arbitrary code to be executed with the privileges of the running guacd process. Users are recommended to upgrade to version 1.6.0, which fixes this issue.

NVD status

Status: Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]

Affected products (CPE)

Product             CPE
apache / guacamole  cpe:2.3:a:apache:guacamole:1.5.5:*:*:*:*:*:*:*
apache / guacamole  cpe:2.3:a:apache:guacamole:<1.6.0:*:*:*:*:*:*:*
apache / guacamole  cpe:2.3:a:apache:guacamole:1.6.0:*:*:*:*:*:*:*

References