Bypass Execute Permission Vulnerability in Devolutions Remote Desktop Manager
CVE-2024-6354

7.2HIGH

Key Information:

Vendor: Devolutions
Status: Remote Desktop Manager
Vendor: CVE Published:; 26 June 2024

What is CVE-2024-6354?

An improper access control vulnerability has been identified in the PAM dashboard of Devolutions Remote Desktop Manager, specifically in version 2024.2.11 and earlier. This flaw allows authenticated users to bypass the execute permissions, which can lead to unauthorized actions within the application. Organizations using affected versions should take immediate steps to apply necessary patches and mitigate the risk.

Affected Version(s)

Remote Desktop Manager Windows 0 <= 2024.2.11

References

https://devolutions.net/security/advisories/DEVO-2024-0010

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 26, 2024
Vulnerability Reserved
Jun 26, 2024