Lucene search

[email protected]CVE-2023-6593

HistoryDec 12, 2023 - 3:15 p.m.

CVE-2023-6593

2023-12-1215:15:07

CWE-732

[email protected]

web.nvd.nist.gov

cve-2023-6593

client side

permission bypass

devolutions

remote desktop manager

ios

sql data source

security vulnerability

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.0%

JSON

Client side permission bypass in Devolutions Remote Desktop Manager 2023.3.4.0 and earlier on iOS allows an attacker that has access to the application to execute entries in a SQL data source without restriction.

Affected configurations

NVD

Node

devolutionsremote_desktop_managerRange<2023.3.5.0

AND

appleiphone_osMatch-

CPENameOperatorVersion
devolutions:remote_desktop_managerdevolutions remote desktop managerlt2023.3.5.0

CPE	Name	Operator	Version
devolutions:remote_desktop_manager	devolutions remote desktop manager	lt	2023.3.5.0

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "Permission",
      "SQL Data Source"
    ],
    "platforms": [
      "iOS"
    ],
    "product": "Remote Desktop Manager",
    "vendor": "Devolutions",
    "versions": [
      {
        "lessThanOrEqual": "2023.3.4.0",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

devolutions.net/security/advisories/DEVO-2023-0023/

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.0%

JSON

Related for CVE-2023-6593

nvd1 prion1 cvelist1