ID

VAR-202507-0519


CVE

CVE-2024-35164


TITLE

Vulnerability in Apache Guacamole from the Apache Software Foundation

Trust: 0.8

sources: JVNDB: JVNDB-2024-025890

DESCRIPTION

The terminal emulator of Apache Guacamole 1.5.5 and older does not properly validate console codes received from servers via text-based protocols like SSH. If a malicious user has access to a text-based connection, a specially-crafted sequence of console codes could allow arbitrary code to be executed with the privileges of the running guacd process. Users are recommended to upgrade to version 1.6.0, which fixes this issue. Apache Guacamole from the Apache Software Foundation contains an unspecified vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS).

Trust: 1.62

sources: NVD: CVE-2024-35164 // JVNDB: JVNDB-2024-025890

AFFECTED PRODUCTS

vendor: apache, model: guacamole, scope: gte, version: 0.8.0

Trust: 1.0

vendor: apache, model: guacamole, scope: lt, version: 1.6.0

Trust: 1.0

vendor: apache, model: guacamole, scope: eq, version: -

Trust: 0.8

vendor: apache, model: guacamole, scope: eq, version: 0.8.0 or later, before 1.6.0

Trust: 0.8

vendor: apache, model: guacamole, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2024-025890 // NVD: CVE-2024-35164

CVSS

SEVERITY

CVSSV2

CVSSV3

security@apache.org: CVE-2024-35164
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2024-35164
value: HIGH

Trust: 1.0

NVD: CVE-2024-35164
value: HIGH

Trust: 0.8

security@apache.org: CVE-2024-35164
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.6
impactScore: 5.2
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2024-35164
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2024-35164
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-025890 // NVD: CVE-2024-35164 // NVD: CVE-2024-35164

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-129

Trust: 1.0

problemtype: Improper validation of array indexes (CWE-129) [Others]

Trust: 0.8

problemtype: Lack of information (CWE-noinfo) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2024-025890 // NVD: CVE-2024-35164

EXTERNAL IDS

db: NVD, id: CVE-2024-35164

Trust: 2.6

db: JVNDB, id: JVNDB-2024-025890

Trust: 0.8

sources: JVNDB: JVNDB-2024-025890 // NVD: CVE-2024-35164

REFERENCES

url:https://lists.apache.org/thread/sgs8lplbkrpvd3hrvcnnxh3028h4py70

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-35164

Trust: 0.8

sources: JVNDB: JVNDB-2024-025890 // NVD: CVE-2024-35164

SOURCES

db: JVNDB, id: JVNDB-2024-025890
db: NVD, id: CVE-2024-35164

LAST UPDATE DATE

2025-07-14T23:23:41.214000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2024-025890, date: 2025-07-10T02:46:00
db: NVD, id: CVE-2024-35164, date: 2025-07-09T15:24:36.757

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2024-025890, date: 2025-07-10T00:00:00
db: NVD, id: CVE-2024-35164, date: 2025-07-02T12:15:27.770