Insecure Permission Check in Devolutions Remote Desktop Manager by Devolutions
CVE-2021-42098

8.8HIGH

Key Information:

Vendor: Devolutions
Status: Remote Desktop Manager
Vendor: CVE Published:; 18 October 2021

What is CVE-2021-42098?

An incomplete permission check in Devolutions Remote Desktop Manager prior to version 2021.2.16 allows attackers to bypass established permissions, enabling unauthorized access to sensitive functionalities through custom PowerShell scripts. This flaw can lead to significant security risks, as it undermines the integrity of the permissions system intended to protect users’ data and operational integrity.

Affected Version(s)

Remote Desktop Manager 2021.2.14 and earlier. Fixed in 2021.2.16.

References

https://devolutions.net

x_refsource_MISC

https://devolutions.net/security/advisories/DEVO-2021-0006

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 18, 2021
Vulnerability Reserved
Oct 7, 2021