Lucene search

DEVOLUTIONSCVE-2022-4287

HistoryDec 21, 2022 - 5:15 p.m.

CVE-2022-4287

2022-12-2117:15:10

DEVOLUTIONS

web.nvd.nist.gov

cve-2022-4287

authentication bypass

devolutions

remote desktop manager

security vulnerability

windows

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.5

Confidence

High

EPSS

0.001

Percentile

43.0%

JSON

Authentication bypass in local application lock feature in Devolutions Remote Desktop Manager 2022.3.26 and earlier on Windows allows malicious user to access the application.

Affected configurations

Nvd

Node

devolutionsremote_desktop_managerRange<2022.3.27

VendorProductVersionCPE
devolutionsremote_desktop_manager*cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
devolutions	remote_desktop_manager	*	cpe:2.3:a:devolutions:remote_desktop_manager::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "Local Application Lock"
    ],
    "platforms": [
      "Windows"
    ],
    "product": "Remote Desktop Manager",
    "vendor": "Devolutions",
    "versions": [
      {
        "lessThanOrEqual": "2022.3.27",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

devolutions.net/security/advisories/DEVO-2022-0011

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.5

Confidence

High

EPSS

0.001

Percentile

43.0%

JSON

Related for CVE-2022-4287