CVE-2024-6354

{"id": "CVE-2024-6354", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2024-06-26T17:15:27.497", "references": [{"url": "https://devolutions.net/security/advisories/DEVO-2024-0010", "tags": ["Vendor Advisory"], "source": "security@devolutions.net"}, {"url": "https://devolutions.net/security/advisories/DEVO-2024-0010", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-1262"}]}], "descriptions": [{"lang": "en", "value": "Improper access control in PAM dashboard in Devolutions Remote Desktop Manager 2024.2.11 and earlier on Windows allows an authenticated user to bypass the execute permission via the use of the PAM dashboard."}, {"lang": "es", "value": "El control de acceso inadecuado en el panel de PAM en Devolutions Remote Desktop Manager 2024.2.11 y versiones anteriores en Windows permite a un usuario autenticado omitir el permiso de ejecuci\u00f3n mediante el uso del panel de PAM."}], "lastModified": "2025-03-28T16:19:33.260", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:free:windows:*:*", "vulnerable": true, "matchCriteriaId": "FBA312E3-411A-439F-BD23-8C8B22A5BE0E", "versionEndExcluding": "2024.2.12.0"}, {"criteria": "cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:team:windows:*:*", "vulnerable": true, "matchCriteriaId": "2CD07B0A-8CB9-4FAF-A330-58533C04D56B", "versionEndExcluding": "2024.2.12.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@devolutions.net"}