Elevation of Privilege Vulnerability in Devolutions Remote Desktop Manager
CVE-2022-3641

8.8HIGH

Key Information:

Vendor: Devolutions
Status: Remote Desktop Manager
Vendor: CVE Published:; 12 December 2022

What is CVE-2022-3641?

The elevation of privilege vulnerability in Devolutions Remote Desktop Manager versions 2022.3.13 to 2022.3.24 allows authenticated users to potentially spoof a privileged account within the Azure SQL Data Source, posing significant security risks. This issue could enable unauthorized access to sensitive data and capabilities that should only be available to high-privileged accounts, underscoring the importance of prompt remediation and system updates.

Affected Version(s)

Remote Desktop Manager Windows 2022.3.13 <= 2022.3.24

References

https://devolutions.net/security/advisories/DEVO-2022-0010

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 12, 2022
Vulnerability Reserved
Oct 21, 2022