CVE-2023-4417
Last modified
CVE-2023-4417 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. Improper access controls in the entry duplication component in Devolutions Remote Desktop Manager 2023.2.19 and earlier versions on Windows allows an authenticated user, under specific circumstances, to inadvertently share their personal vault entry with shared vaults via an incorrect vault in the duplication write process.. EPSS estimates a 0.45% chance of exploitation in the next 30 days.
Description
Improper access controls in the entry duplication component in Devolutions Remote Desktop Manager 2023.2.19 and earlier versions on Windows allows an authenticated user, under specific circumstances, to inadvertently share their personal vault entry with shared vaults via an incorrect vault in the duplication write process.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Devolutions | Remote Desktop Manager | <= 2023.2.19 |
References
- https://devolutions.net/security/advisories/DEVO-2023-0015Vendor Advisory
- https://devolutions.net/security/advisories/DEVO-2023-0015Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-4417?
How severe is CVE-2023-4417?
How do I fix CVE-2023-4417?
Are you affected by CVE-2023-4417?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST