CVE-2023-4417

2023-08-2118:38:06

DEVOLUTIONS

www.cve.org

improper access controls

devolutions remote desktop manager

personal vault entry

shared vaults

windows

6.7 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.3%

JSON

Improper access controls in the entry duplication component in Devolutions Remote Desktop Manager 2023.2.19 and earlier versions on Windows allows an authenticated user, under specific circumstances, to inadvertently share their personal vault entry with shared vaults via an incorrect vault in the duplication write process.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "Remote Desktop Manager",
    "vendor": "Devolutions",
    "versions": [
      {
        "lessThanOrEqual": "2023.2.19",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

devolutions.net/security/advisories/DEVO-2023-0015