CVE-2023-5765: Devolutions

DEVO-2023-0019****Summary

Remote Desktop Manager Windows and Devolutions Server are affected by security vulnerabilities.

Affected Products

Remote Desktop Manager Windows 2023.2.33 and earlier Devolutions Server 2023.2.10.0 and earlier

Change Log

2023-11-01 - Initial Publication

Severity

High

Product

Remote Desktop Manager Windows, Devolutions Server

Fix Version

RDMW 2023.3.20, DVLS 2023.3.4

Remote code execution in Remote Desktop Manager****Description

A remote code execution vulnerability in Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to remotely execute code from another windows user session on the same host via a specially crafted TCP packet.

Remediation and Workarounds

Upgrade to Remote Desktop Manager Windows 2023.3.20 or higher.

Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 8.8 High

Affected Products

Remote Desktop Manager Windows 2023.2.33 and earlier

CVE(s)

CVE-2023-5766

Improper access control in Password Analyser feature****Description

Improper access control in the password analyzer feature in Devolutions Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to bypass permissions via data source switching.

Remediation and Workarounds

Upgrade to Remote Desktop Manager Windows 2023.3.20 or higher.

Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 4.3 Medium

Affected Products

Remote Desktop Manager Windows 2023.2.33 and earlier

CVE(s)

CVE-2023-5765

Improper access control in Report log filters feature****Description

Improper access control in Report log filters feature in Devolutions Server 2023.2.10.0 and earlier allows attackers to retrieve logs from vaults or entries they are not allowed to access via the report request url query parameters.

Remediation and Workarounds

Upgrade to Devolutions Server 2023.3.4.0 or higher

Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 4.3 Medium

Affected Products

Devolutions Server 2023.2.10.0 and earlier

CVE(s)

CVE-2023-5358