Security & Compliance
DEVO-2023-0019
Zusammenfassung
Remote Desktop Manager Windows and Devolutions Server are affected by security vulnerabilities.
Betroffene Produkte
Remote Desktop Manager Windows 2023.2.33 and earlierDevolutions Server 2023.2.10.0 and earlier
Änderungsprotokoll
2023-11-01 - Initial Publication 2023-11-09 - Updated Devolutions Server fixed version due to new LTS release. 2023-11-10 - Updated Remote Desktop Manager fixed version due to backported fix to 2023.2.34
Schweregrad
High
Produkt
Remote Desktop Manager Windows, Devolutions Server
Behobene Version
RDMW 2023.2.34, DVLS 2023.2.11
Remote code execution in Remote Desktop Manager
Beschreibung
A remote code execution vulnerability in Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to remotely execute code from another windows user session on the same host via a specially crafted TCP packet.
Behebungen und Workarounds
Upgrade to Remote Desktop Manager Windows 2023.2.34 or higher.
Schweregrad
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 8.8 High
Betroffene Produkte
Remote Desktop Manager Windows 2023.2.33 and earlier
CVE(s)
CVE-2023-5766
Improper access control in Password Analyser feature
Beschreibung
Improper access control in the password analyzer feature in Devolutions Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to bypass permissions via data source switching.
Behebungen und Workarounds
Upgrade to Remote Desktop Manager Windows 2023.2.34 or higher.
Schweregrad
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 4.3 Medium
Betroffene Produkte
Remote Desktop Manager Windows 2023.2.33 and earlier
CVE(s)
CVE-2023-5765
Improper access control in Report log filters feature
Beschreibung
Improper access control in Report log filters feature in Devolutions Server 2023.2.10.0 and earlier allows attackers to retrieve logs from vaults or entries they are not allowed to access via the report request url query parameters.
Behebungen und Workarounds
Upgrade to Devolutions Server 2023.2.11.0 or higher
Schweregrad
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 4.3 Medium
Betroffene Produkte
Devolutions Server 2023.2.10.0 and earlier
CVE(s)
CVE-2023-5358