CVE-2023-1202

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-1202
Permission bypass when importing or synchronizing entries in User vault in Devolutions Remote Desktop Manager 2023.1.9 and prior versions allows users with restricted rights to bypass entry permission via id collision.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://devolutions.net/security/advisories/DEVO-2023-0008 Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:*:*:*:*
History

07 Nov 2023, 04:02

Type Values Removed Values Added
Summary Permission bypass when importing or synchronizing entries in User vault in Devolutions Remote Desktop Manager 2023.1.9 and prior versions allows users with restricted rights to bypass entry permission via id collision. Permission bypass when importing or synchronizing entries in User vault in Devolutions Remote Desktop Manager 2023.1.9 and prior versions allows users with restricted rights to bypass entry permission via id collision.

07 Apr 2023, 19:08

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.5
First Time Devolutions remote Desktop Manager
Devolutions
CPE cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:*:*:*:*
CWE CWE-863
References (MISC) https://devolutions.net/security/advisories/DEVO-2023-0008 - (MISC) https://devolutions.net/security/advisories/DEVO-2023-0008 - Vendor Advisory

02 Apr 2023, 23:48

Type Values Removed Values Added
New CVE
Information

Published : 2023-04-02 21:15

Updated : 2023-12-10 15:01

NVD link : CVE-2023-1202

Mitre link : CVE-2023-1202

CVE.ORG link : CVE-2023-1202

JSON object : View

Products Affected

devolutions

  • remote_desktop_manager
CWE
CWE-863

Incorrect Authorization