CVE-2024-11670
CVSS 3.1 Score 5.4 of 10 (medium)
Details
Published Nov 25, 2024
CWE ID 863
Summary
CVE-2024-11670 is a vulnerability affecting the permission validation component in Devolutions Remote Desktop Manager 2024.2.21 and earlier versions. This issue enables a malicious authenticated user to bypass the "View Password" permission through specific actions, granting unauthorized access to sensitive information. This vulnerability poses a significant risk to organizations that utilize this software for remote access management. It is crucial for users to apply the necessary patches or updates to mitigate this security risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- Devolutions Remote Desktop Manager
Affected Vendors
- Devolutions