CVE-2024-12149

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-12149
Incorrect permission assignment in temporary access requests component in Devolutions Remote Desktop Manager 2024.3.19.0 and earlier on Windows allows an authenticated user that request temporary permissions on an entry to obtain more privileges than requested.

8.1 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://devolutions.net/security/advisories/DEVO-2024-0017 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:free:windows:*:*
cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:team:windows:*:*
History

28 Mar 2025, 16:21

Type Values Removed Values Added
References () https://devolutions.net/security/advisories/DEVO-2024-0017 - () https://devolutions.net/security/advisories/DEVO-2024-0017 - Vendor Advisory
First Time Devolutions remote Desktop Manager
Devolutions
CPE cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:team:windows:*:*
cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:free:windows:*:*

05 Dec 2024, 19:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 8.1
Summary
  • (es) La asignación incorrecta de permisos en el componente de solicitudes de acceso temporal en Devolutions Remote Desktop Manager 2024.3.19.0 y versiones anteriores en Windows permite que un usuario autenticado que solicita permisos temporales en una entrada obtenga más privilegios de los solicitados.

04 Dec 2024, 18:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-12-04 18:15

Updated : 2025-03-28 16:21

NVD link : CVE-2024-12149

Mitre link : CVE-2024-12149

CVE.ORG link : CVE-2024-12149

JSON object : View

Products Affected

devolutions

  • remote_desktop_manager
CWE
CWE-732

Incorrect Permission Assignment for Critical Resource