Lucene search

[email protected]NVD:CVE-2023-2282

HistoryApr 25, 2023 - 7:15 p.m.

CVE-2023-2282

2023-04-2519:15:11

[email protected]

web.nvd.nist.gov

improper access control

web login listener

authenticated user

bypass restrictions

unexpected vector

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

24.2%

JSON

Improper access control in the Web Login listener in Devolutions Remote Desktop Manager 2023.1.22 and earlier on Windows allows an authenticated user to bypass administrator-enforced Web Login restrictions and gain access to entries via an unexpected vector.

Affected configurations

Nvd

Node

microsoftwindowsMatch-

AND

devolutionsremote_desktop_managerRange≤2023.1.22

VendorProductVersionCPE
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
devolutionsremote_desktop_manager*cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*
devolutions	remote_desktop_manager	*	cpe:2.3:a:devolutions:remote_desktop_manager::::::::

References

devolutions.net/security/advisories/DEVO-2023-0012

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

24.2%

JSON

Related for NVD:CVE-2023-2282

cvelist1 prion1 cve1