CVE-2024-11621

{"id": "CVE-2024-11621", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2025-02-10T14:15:29.490", "references": [{"url": "https://devolutions.net/security/advisories/DEVO-2025-0001/", "tags": ["Vendor Advisory"], "source": "security@devolutions.net"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@devolutions.net", "description": [{"lang": "en", "value": "CWE-295"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-295"}]}], "descriptions": [{"lang": "en", "value": "Missing certificate validation in Devolutions Remote Desktop Manager on macOS, iOS, Android, Linux allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack.\n\nVersions affected are :\nRemote Desktop Manager macOS 2024.3.9.0 and earlier\nRemote Desktop Manager Linux 2024.3.2.5 and earlier\nRemote Desktop Manager Android 2024.3.3.7 and earlier\nRemote Desktop Manager iOS 2024.3.3.0 and earlier\n\nRemote Desktop Manager Powershell 2024.3.6.0 and earlier"}, {"lang": "es", "value": "La falta de validaci\u00f3n de certificados en Devolutions Remote Desktop Manager en macOS, iOS, Android y Linux permite que un atacante intercepte y modifique las comunicaciones cifradas mediante un ataque de intermediario. Las versiones afectadas son: Remote Desktop Manager macOS 2024.3.9.0 y anteriores Remote Desktop Manager Linux 2024.3.2.5 y anteriores Remote Desktop Manager Android 2024.3.3.7 y anteriores Remote Desktop Manager iOS 2024.3.3.0 y anteriores Remote Desktop Manager Powershell 2024.3.6.0 y anteriores"}], "lastModified": "2025-03-28T16:20:47.230", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:*:linux:*:*", "vulnerable": true, "matchCriteriaId": "CDD63147-B8F0-4E3A-B918-4E48099C59C0", "versionEndExcluding": "2024.3.2.9"}, {"criteria": "cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:*:iphone_os:*:*", "vulnerable": true, "matchCriteriaId": "28CF225A-4283-4E40-8C8E-A96F876FBC0F", "versionEndExcluding": "2024.3.4.0"}, {"criteria": "cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "BFF11BD1-8E0E-4C36-BE92-1021A528A52E", "versionEndExcluding": "2024.3.4.2"}, {"criteria": "cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:*:macos:*:*", "vulnerable": true, "matchCriteriaId": "3CCF282D-0E3B-4AD1-8327-550CA6E3F3A0", "versionEndExcluding": "2024.3.10.3"}, {"criteria": "cpe:2.3:a:devolutions:remote_desktop_manager_powershell:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A58AC78-3998-411F-8935-EE6AE0C13E55", "versionEndExcluding": "2024.3.7"}], "operator": "OR"}]}], "sourceIdentifier": "security@devolutions.net"}