CVE-2024-11621

Опубликовано: 10 фев. 2025

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

Missing certificate validation in Devolutions Remote Desktop Manager on macOS, iOS, Android, Linux allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack.

Versions affected are : Remote Desktop Manager macOS 2024.3.9.0 and earlier Remote Desktop Manager Linux 2024.3.2.5 and earlier Remote Desktop Manager Android 2024.3.3.7 and earlier Remote Desktop Manager iOS 2024.3.3.0 and earlier

Remote Desktop Manager Powershell 2024.3.6.0 and earlier

Ссылки

https://devolutions.net/security/advisories/DEVO-2025-0001/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:*:linux:*:*

Версия до 2024.3.2.9 (исключая)

cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:*:iphone_os:*:*

Версия до 2024.3.4.0 (исключая)

cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:*:android:*:*

Версия до 2024.3.4.2 (исключая)

cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:*:macos:*:*

Версия до 2024.3.10.3 (исключая)

cpe:2.3:a:devolutions:remote_desktop_manager_powershell:*:*:*:*:*:*:*:*

Версия до 2024.3.7 (исключая)

EPSS

Процентиль: 18%

0.00057

Низкий

8.8 High

CVSS3

Дефекты

CWE-295

Связанные уязвимости

GHSA-gvgm-vg2q-4mrw

CVSS3: 8.8

github

12 месяцев назад

Missing certificate validation in Devolutions Remote Desktop Manager on macOS, iOS, Android, Linux allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack. Versions affected are : Remote Desktop Manager macOS 2024.3.9.0 and earlier Remote Desktop Manager Linux 2024.3.2.5 and earlier Remote Desktop Manager Android 2024.3.3.7 and earlier Remote Desktop Manager iOS 2024.3.3.0 and earlier Remote Desktop Manager Powershell 2024.3.6.0 and earlier

EPSS

Процентиль: 18%

0.00057

Низкий

8.8 High

CVSS3

Дефекты

CWE-295