Client-Side Permission Bypass in Devolutions Remote Desktop Manager for iOS
CVE-2023-6593

9.8CRITICAL

Key Information:

Vendor: Devolutions
Status: Remote Desktop Manager
Vendor: CVE Published:; 12 December 2023

What is CVE-2023-6593?

A client-side permission bypass vulnerability exists in Devolutions Remote Desktop Manager for iOS, specifically in versions 2023.3.4.0 and earlier. This flaw allows an attacker who has gained access to the application to execute SQL entries within the data source without any authorization constraints. Such a breach could lead to unauthorized data manipulation, posing significant risks to user privacy and data security.

Affected Version(s)

Remote Desktop Manager iOS 0 <= 2023.3.4.0

References

https://devolutions.net/security/advisories/DEVO-2023-0023/

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 12, 2023
Vulnerability Reserved
Dec 7, 2023