Access Control Vulnerability in Devolutions Remote Desktop Manager
CVE-2023-2282

6.5MEDIUM

Key Information:

Vendor: Devolutions
Status: Remote Desktop Manager
Vendor: CVE Published:; 25 April 2023

What is CVE-2023-2282?

An improper access control flaw exists in the Web Login listener of Devolutions Remote Desktop Manager prior to version 2023.1.23. This vulnerability allows an authenticated user to bypass established administrator-enforced restrictions on Web Login, potentially gaining unauthorized access to sensitive entries through an unintended method. Organizations using affected versions are advised to review their security configurations and apply the necessary updates to mitigate this risk.

Affected Version(s)

Remote Desktop Manager Windows 0 <= 2023.1.22

References

https://devolutions.net/security/advisories/DEVO-2023-0012

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 25, 2023
Vulnerability Reserved
Apr 25, 2023