CVE-2024-12149

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Dec 4, 2024
Updated: Dec 5, 2024
CWE ID 732

Summary

CVE-2024-12149 is a vulnerability affecting Devolutions Remote Desktop Manager 2024.3.19.0 and earlier versions on Windows. This issue arises from incorrect permission assignments in the temporary access requests component. An authenticated user can exploit this vulnerability to obtain more privileges than originally requested when making temporary permission requests. This misconfiguration poses a potential security risk, allowing unauthorized access or privilege escalation. Users are advised to update to the latest version of Devolutions Remote Desktop Manager to mitigate this vulnerability.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Devolutions Remote Desktop Manager

Affected Vendors

  • Devolutions