Authorization Bypass Vulnerability in Devolutions Server Products
CVE-2024-6512

6.5MEDIUM

Key Information:

Vendor: Devolutions
Status: Devolutions Server
Vendor: CVE Published:; 25 September 2024

What is CVE-2024-6512?

An authorization bypass vulnerability exists in the PAM access request approval mechanism of Devolutions Server 2024.2.10 and earlier. This issue allows authenticated users with approval permissions to approve their own access requests, circumventing specified security protocols and potentially leading to unauthorized actions within the system. Organizations utilizing Devolutions Server should assess their security configurations to mitigate risks associated with this vulnerability.

Affected Version(s)

Devolutions Server Windows 0 <= 2024.2.10.0

References

https://devolutions.net/security/advisories/DEVO-2024-0013

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 25, 2024