CVE-2024-11672
CVSS V2 None
CVSS V3 None
Description
Incorrect authorization in the add permission component in Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows an authenticated malicious user to bypass the "Add" permission via the import in vault feature.
Overview
- CVE ID
- CVE-2024-11672
- Assigner
- DEVOLUTIONS
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-11-25T14:46:20.186Z
- Last Modified Date
- 2024-11-25T16:47:53.171Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://devolutions.net/security/advisories/DEVO-2024-0016 |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-11672 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11672 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-11-26 13:14:39 | Added to TrackCVE |