Authorization Bypass Vulnerability in Devolutions Remote Desktop Manager
CVE-2024-11670

Currently unrated

Key Information:

Vendor: Devolutions
Status: Remote Desktop Manager
Vendor: CVE Published:; 25 November 2024

What is CVE-2024-11670?

The vulnerability in Devolutions Remote Desktop Manager versions up to 2024.2.21 involves a flaw in the permission validation component. This issue allows an authenticated user to bypass the established 'View Password' permission by executing specific actions, potentially exposing sensitive information. Organizations relying on this software need to be aware of this vulnerability to ensure proper security measures are in place.

References

https://devolutions.net/security/advisories/DEVO-2024-0015

Timeline

Vulnerability published
Nov 25, 2024