9.8
CVE-2024-6057
- EPSS 0.92%
- Veröffentlicht 17.06.2024 13:15:53
- Zuletzt bearbeitet 28.03.2025 16:23:36
- Quelle security@devolutions.net
- CVE-Watchlists
- Unerledigt
Improper authentication in the vault password feature in Devolutions Remote Desktop Manager 2024.1.31.0 and earlier allows an attacker that has compromised an access to an RDM instance to bypass the vault master password via the offline mode feature.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Devolutions ≫ Remote Desktop Manager SwEditionfree SwPlatformwindows Version < 2024.1.32.0
Devolutions ≫ Remote Desktop Manager SwEditionteam SwPlatformwindows Version < 2024.1.32.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.92% | 0.556 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
https://devolutions.net/security/advisories/DEVO-2024-0008