CVE-2024-11621
Vulnerability from cvelistv5
Published
2025-02-10 13:55
Modified
2025-02-12 15:17
Severity ?
EPSS score ?
Summary
Missing certificate validation in Devolutions Remote Desktop Manager on macOS, iOS, Android, Linux allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack.
Versions affected are :
Remote Desktop Manager macOS 2024.3.9.0 and earlier
Remote Desktop Manager Linux 2024.3.2.5 and earlier
Remote Desktop Manager Android 2024.3.3.7 and earlier
Remote Desktop Manager iOS 2024.3.3.0 and earlier
Remote Desktop Manager Powershell 2024.3.6.0 and earlier
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Devolutions | Remote Desktop Manager |
Version: 0 < |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-11621",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-10T15:38:05.343392Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T15:17:11.387Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"MacOS"
],
"product": "Remote Desktop Manager",
"vendor": "Devolutions",
"versions": [
{
"lessThanOrEqual": "2024.3.9.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Remote Desktop Manager",
"vendor": "Devolutions",
"versions": [
{
"lessThanOrEqual": "2024.3.2.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Android"
],
"product": "Remote Desktop Manager",
"vendor": "Devolutions",
"versions": [
{
"lessThanOrEqual": "2024.3.3.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"iOS"
],
"product": "Remote Desktop Manager",
"vendor": "Devolutions",
"versions": [
{
"lessThanOrEqual": "2024.3.3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Powershell"
],
"product": "Remote Desktop Manager",
"vendor": "Devolutions",
"versions": [
{
"lessThanOrEqual": "2024.3.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eMissing certificate validation in Devolutions Remote Desktop Manager on macOS, iOS, Android, Linux allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack.\u003cbr\u003e\u003cbr\u003eVersions affected are :\u003cbr\u003eRemote Desktop Manager macOS 2024.3.9.0 and earlier\u003cbr\u003eRemote Desktop Manager Linux 2024.3.2.5 and earlier\u003cbr\u003eRemote Desktop Manager Android 2024.3.3.7 and earlier\u003cbr\u003eRemote Desktop Manager iOS 2024.3.3.0 and earlier\u003c/div\u003e\u003cdiv\u003eRemote Desktop Manager Powershell 2024.3.6.0 and earlier\u003cbr\u003e\u003c/div\u003e\u003cbr\u003e"
}
],
"value": "Missing certificate validation in Devolutions Remote Desktop Manager on macOS, iOS, Android, Linux allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack.\n\nVersions affected are :\nRemote Desktop Manager macOS 2024.3.9.0 and earlier\nRemote Desktop Manager Linux 2024.3.2.5 and earlier\nRemote Desktop Manager Android 2024.3.3.7 and earlier\nRemote Desktop Manager iOS 2024.3.3.0 and earlier\n\nRemote Desktop Manager Powershell 2024.3.6.0 and earlier"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295: Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-10T14:07:31.977Z",
"orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23",
"shortName": "DEVOLUTIONS"
},
"references": [
{
"url": "https://devolutions.net/security/advisories/DEVO-2025-0001/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23",
"assignerShortName": "DEVOLUTIONS",
"cveId": "CVE-2024-11621",
"datePublished": "2025-02-10T13:55:29.155Z",
"dateReserved": "2024-11-22T13:56:59.218Z",
"dateUpdated": "2025-02-12T15:17:11.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-11621\",\"sourceIdentifier\":\"security@devolutions.net\",\"published\":\"2025-02-10T14:15:29.490\",\"lastModified\":\"2025-02-10T16:15:36.937\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Missing certificate validation in Devolutions Remote Desktop Manager on macOS, iOS, Android, Linux allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack.\\n\\nVersions affected are :\\nRemote Desktop Manager macOS 2024.3.9.0 and earlier\\nRemote Desktop Manager Linux 2024.3.2.5 and earlier\\nRemote Desktop Manager Android 2024.3.3.7 and earlier\\nRemote Desktop Manager iOS 2024.3.3.0 and earlier\\n\\nRemote Desktop Manager Powershell 2024.3.6.0 and earlier\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security@devolutions.net\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-295\"}]}],\"references\":[{\"url\":\"https://devolutions.net/security/advisories/DEVO-2025-0001/\",\"source\":\"security@devolutions.net\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-11621\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-10T15:38:05.343392Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-10T15:37:58.735Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"affected\": [{\"vendor\": \"Devolutions\", \"product\": \"Remote Desktop Manager\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2024.3.9.0\"}], \"platforms\": [\"MacOS\"], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Devolutions\", \"product\": \"Remote Desktop Manager\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2024.3.2.5\"}], \"platforms\": [\"Linux\"], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Devolutions\", \"product\": \"Remote Desktop Manager\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2024.3.3.7\"}], \"platforms\": [\"Android\"], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Devolutions\", \"product\": \"Remote Desktop Manager\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2024.3.3.0\"}], \"platforms\": [\"iOS\"], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Devolutions\", \"product\": \"Remote Desktop Manager\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2024.3.6.0\"}], \"platforms\": [\"Powershell\"], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://devolutions.net/security/advisories/DEVO-2025-0001/\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Missing certificate validation in Devolutions Remote Desktop Manager on macOS, iOS, Android, Linux allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack.\\n\\nVersions affected are :\\nRemote Desktop Manager macOS 2024.3.9.0 and earlier\\nRemote Desktop Manager Linux 2024.3.2.5 and earlier\\nRemote Desktop Manager Android 2024.3.3.7 and earlier\\nRemote Desktop Manager iOS 2024.3.3.0 and earlier\\n\\nRemote Desktop Manager Powershell 2024.3.6.0 and earlier\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cdiv\u003eMissing certificate validation in Devolutions Remote Desktop Manager on macOS, iOS, Android, Linux allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack.\u003cbr\u003e\u003cbr\u003eVersions affected are :\u003cbr\u003eRemote Desktop Manager macOS 2024.3.9.0 and earlier\u003cbr\u003eRemote Desktop Manager Linux 2024.3.2.5 and earlier\u003cbr\u003eRemote Desktop Manager Android 2024.3.3.7 and earlier\u003cbr\u003eRemote Desktop Manager iOS 2024.3.3.0 and earlier\u003c/div\u003e\u003cdiv\u003eRemote Desktop Manager Powershell 2024.3.6.0 and earlier\u003cbr\u003e\u003c/div\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-295\", \"description\": \"CWE-295: Improper Certificate Validation\"}]}], \"providerMetadata\": {\"orgId\": \"bfee16bd-18e6-446c-9a65-f5b2e3d89c23\", \"shortName\": \"DEVOLUTIONS\", \"dateUpdated\": \"2025-02-10T14:07:31.977Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-11621\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-12T15:17:11.387Z\", \"dateReserved\": \"2024-11-22T13:56:59.218Z\", \"assignerOrgId\": \"bfee16bd-18e6-446c-9a65-f5b2e3d89c23\", \"datePublished\": \"2025-02-10T13:55:29.155Z\", \"assignerShortName\": \"DEVOLUTIONS\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.