Security & Compliance

DEVO-2022-0012

Affected Products

Devolutions Server Console 2022.3.4 and earlier Remote Desktop Manager 2022.3.23 and earlier

Change Log

Initial Publication - 2022-11-25

Severity

High

Product

Remote Desktop Manager, Devolutions Server Console

Fix Version

RDM 2022.3.24, DVLS Console 2022.3.5

Summary

The MSI installers for Devolutions Server Console and Remote Desktop Manager were vulnerable to a local privilege escalation. This issue is caused by a vulnerability in the Advanced Installer product. The following Advanced Installer release fixes this issue : https://www.advancedinstaller.com/release-20.1.html

Local privilege escalation in RDM and DVLS installers.

Description

The version of Advanced Installer used to generate Remote Desktop Manager and Devolutions Server MSI installer files was vulnerable to a privilege escalation.

Remediation and Workarounds

Upgrade to Devolutions Server Console to 2022.3.5 and higher

Upgrade to Remote Desktop Manager to 2022.3.24 and higher

Severity

High - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

Devolutions Server Console 2022.3.4 and earlier

Remote Desktop Manager 2022.3.23 and earlier

CVE(s)

Pending

Credits

Jean-Luca Gruber

Devolutions Logo
English français Deutsch
Contact Us

Helping organizations control the IT chaos by providing highly-secure password, remote connection and privileged access management solutions.

DEVOLUTIONS 1000 Notre-Dame, Lavaltrie, QC J5T 1M1, Canada
Legal & Privacy infos@devolutions.net
All rights reserved © 2023 Devolutions