Inadequate Permission Validation in Devolutions Remote Desktop Manager
CVE-2023-4373

9.8CRITICAL

Key Information:

Vendor: Devolutions
Status: Remote Desktop Manager
Vendor: CVE Published:; 21 August 2023

What is CVE-2023-4373?

The vulnerability allows unauthorized users to initiate connections via remote tools and macros in Devolutions Remote Desktop Manager versions 2023.2.19 and earlier. This occurs due to insufficient validation of user permissions, which could lead to unauthorized access to sensitive environments. Organizations using affected versions are encouraged to apply available updates to mitigate potential risks associated with this issue.

Affected Version(s)

Remote Desktop Manager Windows 0 <= 2023.2.19

References

https://devolutions.net/security/advisories/DEVO-2023-0015/

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 21, 2023
Vulnerability Reserved
Aug 15, 2023