
MB connect line: Apache Guacamole related vulnerabilities in mbCONNECT24

VDE-2021-031
Last update: 05/14/2025 14:28
Published at: 07/22/2021 13:33
Vendor(s): MB connect line GmbH
External ID: VDE-2021-031

Summary

Two vulnerabilities in mbCONNECT24 and mymbCONNECT24 can lead to information disclosure and arbitrary code execution.

Please consult the CVE entries for details.

Impact

Affected Product(s)

Model no. Product name Affected versions
mbCONNECT24 <=2.8.0 mbCONNECT24 <=2.8.0
mymbCONNECT24 <=2.8.0 mymbCONNECT24 <=2.8.0

Vulnerabilities


Published: 09/22/2025 14:58
Weakness: Out-of-bounds Write (CWE-787)
Summary

Apache Guacamole 1.1.0 and older may mishandle pointers involved in processing data received via RDP static virtual channels. If a user connects to a malicious or compromised RDP server, a series of specially-crafted PDUs could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process.


Published: 09/22/2025 14:58
Weakness: Improper Input Validation (CWE-20)
Summary

Apache Guacamole 1.1.0 and older do not properly validate data received from RDP servers via static virtual channels. If a user connects to a malicious or compromised RDP server, specially-crafted PDUs could result in disclosure of information within the memory of the guacd process handling the connection.


Remediation

Update to 2.9.0

Revision History

Version Date Summary
1 07/22/2021 13:35 Initial revision.
2 05/14/2025 14:28 Fix: version space, added distribution