CVE-2024-35164
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
02/07/2025
Last modified:
03/07/2025
Description
The terminal emulator of Apache Guacamole 1.5.5 and older does not properly validate console codes received from servers via text-based protocols like SSH. If a malicious user has access to a text-based connection, a specially-crafted sequence of console codes could allow arbitrary code to be executed<br />
with the privileges of the running guacd process.<br />
<br />
<br />
<br />
<br />
Users are recommended to upgrade to version 1.6.0, which fixes this issue.
Impact
Base Score 3.x
6.80
Severity 3.x
MEDIUM