- Description
- Improper authorization in the variable component in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use the ELEVATED_PASSWORD variable even though not allowed by the "Allow password in variable policy". This issue affects Remote Desktop Manager versions from 2025.1.24 through 2025.1.25, and all versions up to 2024.3.29.
- Source
- security@devolutions.net
- NVD status
- Modified
- Products
- remote_desktop_manager
CVSS 3.1
- Type
- Secondary
- Base score
- 6.8
- Impact score
- 4.7
- Exploitability score
- 2.1
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L
- Severity
- MEDIUM
- security@devolutions.net
- CWE-285
- Hype score
- Not currently trending
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:free:windows:*:*",
"matchCriteriaId": "0C146019-3232-4413-BB31-AC876E37BFE5",
"versionEndExcluding": "2024.3.31.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:team:windows:*:*",
"matchCriteriaId": "183673B7-2357-4FA7-98E7-32F986B65BC3",
"versionEndExcluding": "2024.3.31.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:free:windows:*:*",
"matchCriteriaId": "3A6A560B-95F7-419D-8B56-7327BC2164B1",
"versionEndExcluding": "2025.1.26.0",
"versionStartIncluding": "2025.1.24.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:team:windows:*:*",
"matchCriteriaId": "367DF58A-9A33-46BD-AB77-74B7B8A4E48E",
"versionEndExcluding": "2025.1.26.0",
"versionStartIncluding": "2025.1.24.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]