CVE-2024-11621
Last modified
CVE-2024-11621 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. Missing certificate validation in Devolutions Remote Desktop Manager on macOS, iOS, Android, Linux allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack. Versions affected are : Remote Desktop Manager macOS 2024.3.9.0 and earlier Remote Desktop Manager Linux 2024.3.2.5 and earlier Remote Desktop Manager Android 2024.3.3.7 and earlier Remote Desktop Manager iOS 2024.3.3.0 and earlier Remote Desktop Manager Powershell 2024.3.6.0 and earlier. EPSS estimates a 0.22% chance of exploitation in the next 30 days.
Description
Missing certificate validation in Devolutions Remote Desktop Manager on macOS, iOS, Android, Linux allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack. Versions affected are : Remote Desktop Manager macOS 2024.3.9.0 and earlier Remote Desktop Manager Linux 2024.3.2.5 and earlier Remote Desktop Manager Android 2024.3.3.7 and earlier Remote Desktop Manager iOS 2024.3.3.0 and earlier Remote Desktop Manager Powershell 2024.3.6.0 and earlier
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Devolutions | Remote Desktop Manager | < 2024.3.2.9 |
| Devolutions | Remote Desktop Manager | < 2024.3.4.0 |
| Devolutions | Remote Desktop Manager | < 2024.3.4.2 |
| Devolutions | Remote Desktop Manager | < 2024.3.10.3 |
| Devolutions | Remote Desktop Manager Powershell | < 2024.3.7 |
References
- https://devolutions.net/security/advisories/DEVO-2025-0001/Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2024-11621?
How severe is CVE-2024-11621?
How do I fix CVE-2024-11621?
Are you affected by CVE-2024-11621?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST