Lucene search
DEVOLUTIONSCVE-2023-5240HistoryOct 13, 2023 - 1:15 p.m.
CVE-2023-5240
2023-10-1313:15:12
CWE-284
DEVOLUTIONS
web.nvd.nist.gov
20
cve-2023-5240
improper access control
pam propagation scripts
devolutions server
security vulnerability
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
7.3
Confidence
High
EPSS
0.001
Percentile
40.6%
Improper access control in PAM propagation scripts in Devolutions Server 2023.2.8.0 and ealier allows an attack with permission to manage PAM propagation scripts to retrieve passwords stored in it via a GET request.
Affected configurations
Node
devolutionsdevolutions_serverRange≤2023.2.8.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| devolutions | devolutions_server | * | cpe:2.3:a:devolutions:devolutions_server:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"modules": [
"PAM"
],
"product": "Server",
"vendor": "Devolutions",
"versions": [
{
"lessThanOrEqual": "2023.2.8.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
]Related
vulnrichment
vulnrichment
CVE-2023-5240
2023-10-13 12:22:23
prion
prion
Improper access control
2023-10-13 13:15:00
nvd
nvd
CVE-2023-5240
2023-10-13 13:15:12
cvelist
cvelist
CVE-2023-5240
2023-10-13 12:22:23
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
7.3
Confidence
High
EPSS
0.001
Percentile
40.6%
Related for CVE-2023-5240