- Description
- Incorrect permission assignment in temporary access requests component in Devolutions Remote Desktop Manager 2024.3.19.0 and earlier on Windows allows an authenticated user that request temporary permissions on an entry to obtain more privileges than requested.
- Source
- security@devolutions.net
- NVD status
- Analyzed
CVSS 3.1
- Type
- Secondary
- Base score
- 8.1
- Impact score
- 5.2
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
- Severity
- HIGH
- Hype score
- Not currently trending
CVE-2024-12149 Privilege Escalation via Incorrect Permission Assignment in Remot... https://t.co/HtNXBpt14f Vulnerability Alert Subscriptions: https://t.co/hrQhy5uz4x
@VulmonFeeds
4 Dec 2024
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-12149 Incorrect permission assignment in temporary access requests component in Devolutions Remote Desktop Manager 2024.3.19.0 and earlier on Windows allows an authenticate… https://t.co/KFU61F3GRP
@CVEnew
4 Dec 2024
411 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:free:windows:*:*",
"vulnerable": true,
"matchCriteriaId": "1BD9E9B5-563A-42D6-9EE1-69EF8C8E92C7",
"versionEndExcluding": "2024.3.20.0"
},
{
"criteria": "cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:team:windows:*:*",
"vulnerable": true,
"matchCriteriaId": "23586AA8-B192-420B-91EE-DBC5792A1A70",
"versionEndExcluding": "2024.3.20.0"
}
],
"operator": "OR"
}
]
}
]