CVE-2023-5765

Improper access control in the password analyzer feature in Devolutions Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to bypass permissions via data source switching.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://devolutions.net/security/advisories/DEVO-2023-0019/	Vendor Advisory
https://devolutions.net/security/advisories/DEVO-2023-0019/	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

21 Nov 2024, 08:42

Type	Values Removed	Values Added
References	~~() https://devolutions.net/security/advisories/DEVO-2023-0019/ - Vendor Advisory~~	() https://devolutions.net/security/advisories/DEVO-2023-0019/ - Vendor Advisory

Information

Published : 2023-11-01 18:15

Updated : 2024-11-21 08:42

NVD link : CVE-2023-5765

Mitre link : CVE-2023-5765

CVE.ORG link : CVE-2023-5765

JSON object : View

Products Affected

devolutions

remote_desktop_manager

microsoft

windows

CWE

NVD-CWE-Other

{"id": "CVE-2023-5765", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-11-01T18:15:10.020", "references": [{"url": "https://devolutions.net/security/advisories/DEVO-2023-0019/", "tags": ["Vendor Advisory"], "source": "security@devolutions.net"}, {"url": "https://devolutions.net/security/advisories/DEVO-2023-0019/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Improper access control in the password analyzer feature in Devolutions Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to bypass permissions via data source switching.\n"}, {"lang": "es", "value": "El control de acceso inadecuado en la funci\u00f3n de analizador de contrase\u00f1as en Devolutions Remote Desktop Manager 2023.2.33 y versiones anteriores en Windows permite a un atacante omitir los permisos mediante el cambio de fuente de datos."}], "lastModified": "2024-11-21T08:42:26.553", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8880342C-889A-4F06-8E7B-01E8410B7BA0", "versionEndIncluding": "2023.2.33"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security@devolutions.net"}

9.8 /10