CVE-2024-11672

Published Nov 25, 2024

Last updated 25 days ago

CVSS medium 4.3

Overview

Description: Incorrect authorization in the add permission component in Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows an authenticated malicious user to bypass the "Add" permission via the import in vault feature.
Source: security@devolutions.net
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Secondary
Base score: 4.3
Impact score: 1.4
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Severity: MEDIUM

Weaknesses

security@devolutions.net: CWE-863
nvd@nist.gov: CWE-863

Hype score: Not currently trending

CVE-2024-11672 Incorrect authorization in the add permission component in Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows an authenticated malicious user … https://t.co/60w6DIDrR7
@CVEnew
25 Nov 2024
370 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:free:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "53809D50-22E9-48E9-99A7-11B4E8FAC8AE",
            "versionEndExcluding": "2024.3.10.0"
          },
          {
            "criteria": "cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:team:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "34028922-82CE-4A14-9492-DBB4FC8D49EF",
            "versionEndExcluding": "2024.3.10.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References