Lucene search
DEVOLUTIONSCVE-2023-5765HistoryNov 01, 2023 - 6:15 p.m.
CVE-2023-5765
2023-11-0118:15:10
DEVOLUTIONS
web.nvd.nist.gov
21
cve-2023-5765
improper access control
devolutions remote desktop manager
data source switching
windows
nvd
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.5
Confidence
High
EPSS
0.001
Percentile
43.8%
Improper access control in the password analyzer feature in Devolutions Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to bypass permissions via data source switching.
Affected configurations
Node
microsoftwindowsMatch-
devolutionsremote_desktop_managerRange≤2023.2.33
| Vendor | Product | Version | CPE |
|---|---|---|---|
| microsoft | windows | - | cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* |
| devolutions | remote_desktop_manager | * | cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Remote Desktop Manager",
"vendor": "Devolutions",
"versions": [
{
"lessThanOrEqual": "2023.2.33",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
]Related
cvelist
cvelist
CVE-2023-5765
2023-11-01 17:12:15
nvd
nvd
CVE-2023-5765
2023-11-01 18:15:10
vulnrichment
vulnrichment
CVE-2023-5765
2023-11-01 17:12:15
prion
prion
Improper access control
2023-11-01 18:15:00
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.5
Confidence
High
EPSS
0.001
Percentile
43.8%
Related for CVE-2023-5765