CVE-2023-1202

Published Apr 2, 2023

Last updated a year ago

Overview

Description: Permission bypass when importing or synchronizing entries in User vault in Devolutions Remote Desktop Manager 2023.1.9 and prior versions allows users with restricted rights to bypass entry permission via id collision.
Source: security@devolutions.net
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-863

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DF2F5F64-BFED-4D0D-95E8-BA3B53356C54",
            "versionEndExcluding": "2023.1.10"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References