Offline Mode Vulnerability in Devolutions Server by Devolutions
CVE-2023-6588

6.5 MEDIUM

Key Information:

Status
Vendor
CVE Published: 7 December 2023

What is CVE-2023-6588?

In Devolutions Workspace versions 2023.3.2.0 and earlier, an offline mode vulnerability exists in the Devolutions Server data source. This vulnerability allows unauthorized access to sensitive credentials even when user permissions should prevent offline mode from being active. Attackers with access to the Workspace application can exploit this flaw to gain significant control over user credentials, potentially leading to further security breaches.

Affected Version(s)

Workspace 0

References

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
