CVE-2024-11621

High CVSS: 8.8

Missing certificate validation in Devolutions Remote Desktop Manager on macOS, iOS, Android, Linux allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack.

Versions affected are :
Remote Desktop Manager macOS 2024.3.9.0 and earlier
Remote Desktop Manager Linux 2024.3.2.5 and earlier
Remote Desktop Manager Android 2024.3.3.7 and earlier
Remote Desktop Manager iOS 2024.3.3.0 and earlier

Remote Desktop Manager Powershell 2024.3.6.0 and earlier

Vendor

Devolutions

Product

Remote Desktop Manager

CWE

CWE-295

Yayın Tarihi

2025-02-10 14:15:29

Güncelleme

2025-03-28 16:20:47

Source Identifier

security@devolutions.net

KEV Date Added

Kategoriler

CWE-295 Remote Desktop Manager HIGH Devolutions 2025

Referanslar

https://devolutions.net/security/advisories/DEVO-2025-0001/

Benzer Kayıtlar

Medium

CVE-2026-5175

Improper access control in the multi-factor authentication (MFA) management API in Devolutions Server allows an authenti…

High

CVE-2026-4828

Improper authentication in the OAuth login functionality in Devolutions Server 2026.1.11 and earlier allows a remote att…

Medium

CVE-2026-4829

Improper authentication in the external OAuth authentication flow in Devolutions Server 2026.1.11 and earlier allows an…

High

CVE-2026-4924

Improper authentication in the two-factor authentication (2FA) feature in Devolutions Server 2026.1.11 and earlier all…

Medium

CVE-2026-4925

Improper access control in the users MFA feature in Devolutions Server allows an authenticated user to bypass administra…

Medium

CVE-2026-4927

Exposure of sensitive information in the users MFA feature in Devolutions Server allows users with user management privi…