CVE-2023-4373

2023-08-2118:36:23

DEVOLUTIONS

www.cve.org

inadequate validation

remote tools

macros

devolutions remote desktop manager

execution rights

9.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.0%

JSON

Inadequate validation of permissions when employing remote tools and macros within Devolutions Remote Desktop Manager versions 2023.2.19 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "Remote tools"
    ],
    "platforms": [
      "Windows"
    ],
    "product": "Remote Desktop Manager",
    "vendor": "Devolutions",
    "versions": [
      {
        "lessThanOrEqual": "2023.2.19",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

devolutions.net/security/advisories/DEVO-2023-0015/