Remote Desktop Manager Flaw

Recent reports indicate that Remote Desktop Manager and Devolutions Server are affected by improper access control and remote code execution vulnerabilities.

These vulnerabilities have been assigned CVE-2023-5766, CVE-2023-5765, and CVE-2023-5358. Their severity ranges between 4.3 (Medium) and 8.8 (High).

Remote Desktop Manager is used by sysadmins to remotely access a host of systems using a variety of software, services, and applications.

On the other hand, Devolutions Server is a self-hosted management solution that can help organizations control access to privileged accounts and business user passwords.

CVE-2023-5766: Remote Code execution in Remote Desktop Manager

This vulnerability exists in Remote Desktop Manager 2023.2.33 and earlier on Windows, and could allow a threat actor to execute code remotely from another Windows user session on the same host through a specially crafted TCP packet. The severity of this vulnerability has been given as 8.8 (High).

CVE-2023-5765: Improper access control in Password Analyser feature

This vulnerability exists in the password analyzer feature in Devolutions Remote Desktop Manager 2023.2.33 and earlier on Windows, and could allow a threat actor to bypass permissions through data source switching. The severity of this vulnerability has been given as 4.3 (Medium).

CVE-2023-5358: Improper access control in Report log filters feature

This vulnerability exists in the Report log filters feature in Devolutions Server 2023.2.10.0 and earlier, and could allow a threat actor to extract logs from vaults or restricted entries via the report request URL query parameters. The severity of this vulnerability has been given as 4.3 (Medium).

Affected Products and Fixed in Version

| CVE ID | Affected Products | Fixed in Versions |
|---|---|---|
| CVE-2023-5766 | Remote Desktop Manager 2023.2.33 and earlier on Windows | Remote Desktop Manager Windows 2023.3.20 or higher |
| CVE-2023-5765 | Devolutions Remote Desktop Manager 2023.2.33 and earlier on Windows | Remote Desktop Manager Windows 2023.3.20 or higher |
| CVE-2023-5358 | Devolutions Server 2023.2.10.0 and earlier | Devolutions Server 2023.3.4.0 or higher |

Users of these products are recommended to upgrade to the latest version of these products in order to prevent these vulnerabilities from getting exploited.
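As an added example (not code from the article or from Devolutions), a small inventory check that flags installs still below the fixed versions in the table above, honouring the Windows-only scope of the two Remote Desktop Manager CVEs. The hostnames and versions in the inventory list are constructed.

```python
# Affected product, platform constraint (None = any) and first fixed version, per the advisory table.
ADVISORY = [
    ("CVE-2023-5766", "Remote Desktop Manager", "Windows", "2023.3.20"),
    ("CVE-2023-5765", "Remote Desktop Manager", "Windows", "2023.3.20"),
    ("CVE-2023-5358", "Devolutions Server", None, "2023.3.4.0"),
]


def parse_version(v):
    """Split a dotted version into ints so '2023.3.4' < '2023.3.20' compares numerically, not as text."""
    return tuple(int(p) for p in v.strip().split("."))


def version_before(installed, fixed):
    """True when installed is strictly lower than fixed; shorter tuples are zero-padded so
    '2023.3.4' equals '2023.3.4.0'."""
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def vulnerable_cves(product, platform, version):
    """Return the advisory CVE IDs that apply to one inventory record."""
    hits = []
    for cve, adv_product, adv_platform, fixed in ADVISORY:
        if product != adv_product:
            continue
        if adv_platform is not None and platform != adv_platform:
            continue  # e.g. RDM on macOS is outside the stated scope
        if version_before(version, fixed):
            hits.append(cve)
    return hits


# Constructed inventory records (host, product, platform, version); not taken from the article.
INVENTORY = [
    ("ws01", "Remote Desktop Manager", "Windows", "2023.2.33"),
    ("ws02", "Remote Desktop Manager", "Windows", "2023.3.20"),
    ("mac01", "Remote Desktop Manager", "macOS", "2023.2.33"),
    ("dvls01", "Devolutions Server", "Windows", "2023.2.10.0"),
    ("dvls02", "Devolutions Server", "Windows", "2023.3.4"),
]


def audit(inventory=INVENTORY):
    """Map each host still running an affected build to the CVEs it is exposed to."""
    return {host: cves for host, product, platform, version in inventory
            if (cves := vulnerable_cves(product, platform, version))}


if __name__ == "__main__":
    for host, cves in audit().items():
        print(f"{host}: upgrade required ({', '.join(cves)})")
```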


Eswar
Eswar is a cyber security reporter with a passion for creating captivating and informative content. With years of experience in cyber security, he reports on data breaches, privacy, and APT threats.