PT-2023-28950 · Devolutions · Devolutions Remote Desktop Manager

Published: 2023-08-21 · Updated: 2024-10-03 · CVE-2023-4373

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Devolutions Remote Desktop Manager versions 2023.2.19 and earlier

Description

Inadequate validation of permissions when employing remote tools and macros within the software permits a user to initiate a connection without proper execution rights via the remote tools feature.

Recommendations

For Devolutions Remote Desktop Manager versions 2023.2.19 and earlier, update to a version later than 2023.2.19 to resolve the issue. As a temporary workaround, consider restricting access to the remote tools feature until a patch is available.

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2023-4373

Affected Products

Devolutions Remote Desktop Manager