Check Point's researchers announced that they have found critical reverse RDP vulnerabilities in Apache Guacamole, along with multiple new vulnerabilities in FreeRDP. Guacamole versions released before January 2020 in particular use vulnerable FreeRDP versions. Attackers can exploit these vulnerabilities to compromise a computer inside the organization and then attack back through the Guacamole gateway when an unsuspecting worker connects to the infected machine. This further allows attackers to gain full control over the Guacamole server and to intercept and control all other connected sessions.
Two attack vectors:
- Reverse Attack Scenario: A compromised machine inside the corporate network leverages the incoming benign connection and attacks back via the gateway, aiming to take it over.
- Malicious Worker Scenario: A malicious employee, together with a malicious computer inside the network, leverages control of both ends of the connection in order to take over the gateway.
Jonathan Fischbein, CISO at Check Point, said:
"After our researchers discovered the vulnerability and notified me and the Apache team, we collaborated and simulated a PoC on our staging environment to apply the patch. Within 24 hours from the finding and testing, we implemented the security fix and became the first production environment to be secured against this security vulnerability, thus ensuring that our employees can safely connect remotely."