Denial of Service Vulnerability in Devolutions Gateway by Devolutions
CVE-2023-1580

7.5HIGH

Key Information:

Vendor: Devolutions
Status: Gateway
Vendor: CVE Published:; 2 April 2023

What is CVE-2023-1580?

A vulnerability exists within the logging feature of Devolutions Gateway that can be exploited by attackers to cause uncontrolled resource consumption. This leads to denial of service by filling up disk space, ultimately rendering the system unusable. Users are encouraged to review the software version and apply necessary updates to mitigate the risks associated with this vulnerability.

Affected Version(s)

Gateway 0 <= 2023.1.1

References

https://devolutions.net/security/advisories/DEVO-2023-0007

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 2, 2023
Vulnerability Reserved
Mar 22, 2023