Security & Compliance
DEVO-2022-0012
Zusammenfassung
The MSI installers for Devolutions Server Console and Remote Desktop Manager were vulnerable to a local privilege escalation.
This issue is caused by a vulnerability in the Advanced Installer product.The following Advanced Installer release fixes this issue :https://www.advancedinstaller.com/release-20.1.html
Betroffene Produkte
Devolutions Server Console 2022.3.4 and earlier
Remote Desktop Manager 2022.3.23 and earlier
Änderungsprotokoll
Initial Publication - 2022-11-25
Schweregrad
High
Produkt
Remote Desktop Manager, Devolutions Server Console
Behobene Version
RDM 2022.3.24, DVLS Console 2022.3.5
Local privilege escalation in RDM and DVLS installers.
Beschreibung
The version of Advanced Installer used to generate Remote Desktop Manager and Devolutions Server MSI installer files was vulnerable to a privilege escalation.
Behebungen und Workarounds
Upgrade to Devolutions Server Console to 2022.3.5 and higher
Upgrade to Remote Desktop Manager to 2022.3.24 and higher
Schweregrad
High - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Betroffene Produkte
Devolutions Server Console 2022.3.4 and earlier
Remote Desktop Manager 2022.3.23 and earlier
CVE(s)
CVE-2023-25396
Danksagungen
Jean-Luca Gruber