SA44525 - 2020-07: Out-of-Cycle Advisory: Multiple Vulnerabilities in Apache Guacamole Software

Product Affected
This issue impacts the following product:

Pulse Connect Secure
Problem
This advisory provides information about the Apache Guacamole (HTML5 Access) vulnerabilities highlighted in CVE-2020-9498 and CVE-2020-9497. If an end user connects to a malicious or compromised RDP server, a series of specially crafted PDUs could result in memory corruption or in disclosure of information within the memory of the guacd process handling the connection. The Apache Guacamole advisory can be found at the following link: https://guacamole.apache.org/security/
Solution
Pulse Secure has evaluated the issues reported in CVE-2020-9498 and CVE-2020-9497. Please refer to the below table to determine which products are affected.

As the investigation continues, we recommend subscribing to this advisory as it will be periodically updated to reflect the current status.

CVE-2020-9498
5.7 Medium CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

  • Pulse Connect Secure: Not Vulnerable
  • Pulse Policy Secure: Not Vulnerable
  • Pulse One: Not Vulnerable

CVE-2020-9497
3.5 Low CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

  • Pulse Connect Secure: Vulnerable
  • Pulse Policy Secure: Not Vulnerable
  • Pulse One: Not Vulnerable
NOTE: This vulnerability is not applicable to PCS versions 8.1Rx and below.
 

Exploitation:

Pulse Secure PSIRT is not aware of any malicious exploitation for this vulnerability. 

Document History:
July 7, 2020 - Initial advisory posted.

LEGAL DISCLAIMER

  • THIS ADVISORY IS PROVIDED ON AN “AS IS” BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.  USE OF THIS INFORMATION FOUND IN THIS ADVISORY OR IN MATERIALS LINKED HEREFROM IS AT THE USER’S OWN RISK.  PULSE SECURE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS ADVISORY AT ANY TIME.
  • A STANDALONE COPY OR PARAPHRASE OF THE TEXT OF THIS ADVISORY THAT OMITS THE DISTRIBUTION URL IS AN UNCONTROLLED COPY AND MAY OMIT IMPORTANT INFORMATION OR CONTAIN ERRORS.  THE INFORMATION IN THIS ADVISORY IS INTENDED FOR END USERS OF PULSE SECURE PRODUCTS.
Workaround
  • This vulnerability applies only to the HTML5 Access (RDP Access) feature. If HTML5 Access for RDP sessions is not configured, the deployment is not vulnerable.
  • HTML5 Access also allows an administrator to perform SSH and Telnet. This vulnerability does not apply when the HTML5 Access feature is enabled for SSH or Telnet.
  • This vulnerability applies only if end users connect to a malicious or compromised RDP server. It can be prevented by disabling user-created bookmarks and allowing only administrators to select trusted remote machines for RDP.
  • To mitigate this vulnerability, an administrator can also disable the sound, drive and printing options for HTML5 Access Bookmarks.
Pulse Connect Secure (PCS) Configuration:
  1. Log in to the PCS admin console.
  2. Navigate to Users > Resource Profiles > HTML5 Access.
  3. Find the HTML5 Access profile and, under the Bookmarks column, select the corresponding link.
  4. Under Resource Options, select the checkbox for Disable Audio and uncheck Enable Printing, Enable Audio on Console Session, Enable Remote Drive for file transfer, Connect to the Console Session and the Enable copy/paste option.

Related Links
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9498
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9497
CVSS Score: 3.5 Low CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Alert Type: SA - Security Advisory
Risk Level: Medium