CVE-2024-1901

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-1901
Denial of service in PAM password rotation during the check-in process in Devolutions Server 2023.3.14.0 allows an authenticated user with specific PAM permissions to make PAM credentials unavailable.

4.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://devolutions.net/security/advisories/DEVO-2024-0002 Vendor Advisory
https://devolutions.net/security/advisories/DEVO-2024-0002 Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:devolutions:devolutions_server:*:*:*:*:*:*:*:*
History

28 Mar 2025, 16:21

Type Values Removed Values Added
First Time Devolutions devolutions Server
Devolutions
CWE NVD-CWE-noinfo
CPE cpe:2.3:a:devolutions:devolutions_server:*:*:*:*:*:*:*:*
References () https://devolutions.net/security/advisories/DEVO-2024-0002 - () https://devolutions.net/security/advisories/DEVO-2024-0002 - Vendor Advisory

21 Nov 2024, 08:51

Type Values Removed Values Added
References () https://devolutions.net/security/advisories/DEVO-2024-0002 - () https://devolutions.net/security/advisories/DEVO-2024-0002 -

06 Nov 2024, 15:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 4.3

06 Mar 2024, 15:18

Type Values Removed Values Added
Summary
  • (es) La denegación de servicio en la rotación de contraseñas de PAM durante el proceso de registro en Devolutions Server 2023.3.14.0 permite que un usuario autenticado con permisos de PAM específicos haga que las credenciales de PAM no estén disponibles.

05 Mar 2024, 22:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-03-05 22:15

Updated : 2025-03-28 16:21

NVD link : CVE-2024-1901

Mitre link : CVE-2024-1901

CVE.ORG link : CVE-2024-1901

JSON object : View

Products Affected

devolutions

  • devolutions_server
CWE
NVD-CWE-noinfo