Security & Compliance

DEVO-2022-0012

Zusammenfassung

The MSI installers for Devolutions Server Console and Remote Desktop Manager were vulnerable to a local privilege escalation.

This issue is caused by a vulnerability in the Advanced Installer product.The following Advanced Installer release fixes this issue :https://www.advancedinstaller.com/release-20.1.html

Betroffene Produkte

Devolutions Server Console 2022.3.4 and earlier

Remote Desktop Manager 2022.3.23 and earlier

Änderungsprotokoll

Initial Publication - 2022-11-25

Schweregrad

High

Produkt

Remote Desktop Manager, Devolutions Server Console

Behobene Version

RDM 2022.3.24, DVLS Console 2022.3.5

Local privilege escalation in RDM and DVLS installers.

Beschreibung

The version of Advanced Installer used to generate Remote Desktop Manager and Devolutions Server MSI installer files was vulnerable to a privilege escalation.

Behebungen und Workarounds

Upgrade to Devolutions Server Console to 2022.3.5 and higher

Upgrade to Remote Desktop Manager to 2022.3.24 and higher

Schweregrad

High - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Betroffene Produkte

Devolutions Server Console 2022.3.4 and earlier

Remote Desktop Manager 2022.3.23 and earlier

CVE(s)

CVE-2023-25396

Danksagungen

Jean-Luca Gruber

Wir helfen Unternehmen dabei, das IT-Chaos zu meistern, indem wir Lösungen für Passwortverwaltung, Remoteverbindungen und privilegierte Zugriffsverwaltung bereitstellen.

DEVOLUTIONS

Sicherheit & Datenschutz | infos@devolutions.net

Alle Rechte vorbehalten © 2025 Devolutions