CVE-2024-1901

2024-03-0521:33:18

DEVOLUTIONS

www.cve.org

cve-2024-1901

denial of service

pam permissions

devolutions server

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Denial of service in PAM password rotation during the check-in process in Devolutions Server 2023.3.14.0 allows an authenticated user with specific PAM permissions to make PAM credentials unavailable.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Server",
    "vendor": "Devolutions",
    "versions": [
      {
        "lessThanOrEqual": "2023.3.14.0",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

devolutions.net/security/advisories/DEVO-2024-0002