Home > Vulnerability Database > CVE-2024-35164

Mend.io Vulnerability Database

CVE-2024-35164

Good to know:

Date: July 2, 2025

The terminal emulator of Apache Guacamole 1.5.5 and older does not properly validate console codes received from servers via text-based protocols like SSH. If a malicious user has access to a text-based connection, a specially-crafted sequence of console codes could allow arbitrary code to be executed\nwith the privileges of the running guacd process.\n\n\n\n\nUsers are recommended to upgrade to version 1.6.0, which fixes this issue.

Severity Score

6.8

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-35164

Url: https://lists.apache.org/thread/sgs8lplbkrpvd3hrvcnnxh3028h4py70

Url: https://www.mend.io/vulnerability-database/CVE-2024-35164

Severity Score

6.8

Weakness Type (CWE)

Improper Validation of Array Index

CWE-129

Top Fix

Upgrade Version

Upgrade to version https://github.com/apache/guacamole-server.git - 1.6.0

Learn More

CVSS v3.1

Base Score:	6.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-35164

Good to know:

Date: July 2, 2025

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?