Recent reports indicate that the Remote Desktop Manager and Devolutions Server have been affected by improper access control and Remote code execution vulnerabilities.
The CVEs of these vulnerabilities have been assigned as CVE-2023-5766, CVE-2023-5765, and CVE-2023-5358. The severity of these vulnerabilities ranges between 4.3 (Medium) and 8.8 (High).
Remote Desktop Manager is used by sysadmins to remotely access a host of systems using a variety of software, services, and applications.
On the other hand, Devolutions Server is a self-hosted management solution that can help organizations control access to privileged accounts and business user passwords.
CVE-2023-5766: Remote Code execution in Remote Desktop Manager
This vulnerability exists in Remote Desktop Manager 2023.2.33 and earlier on Windows, which could allow a threat actor to execute codes remotely from another Windows user session on the same host through a specially crafted TCP packet. The severity of this vulnerability has been given as 8.8 (High).
CVE-2023-5765: Improper access control in Password Analyser feature
This vulnerability exists in the password analyzer feature in Devolutions Remote Desktop Manager 2023.2.33 and earlier on Windows, which could allow a threat actor to bypass permissions through data source switching. The severity of this vulnerability has been given as 4.3 (Medium).
CVE-2023-5358: Improper access control in Report log filters feature
This vulnerability exists in the Report log filters feature in Devolutions Server 2023.2.10.0 and earlier, which could allow a threat actor to extract logs from vaults or restrict entries from accessing via the report request URL query parameters. The severity of this vulnerability has been given as 4.3 (Medium).
Affected Products and Fixed in Version
CVE ID | Affected Products | Fixed in Versions |
CVE-2023-5766 | Remote Desktop Manager 2023.2.33 and earlier on Windows | Remote Desktop Manager Windows 2023.3.20 or higher |
CVE-2023-5765 | Devolutions Remote Desktop Manager 2023.2.33 and earlier on Windows | Remote Desktop Manager Windows 2023.3.20 or higher |
CVE-2023-5358 | Devolutions Server 2023.2.10.0 and earlier | Devolutions Server 2023.3.4.0 or higher |
Users of these products are recommended to upgrade to the latest version of these products in order to prevent these vulnerabilities from getting exploited.
Protect vulnerabilities using Patch Manager Plus to patch over 850 third-party applications quickly. Try a Free Trial to ensure 100% security.