CVE-2023-1202

Summary

Permission bypass when importing or synchronizing entries in User vault

in Devolutions Remote Desktop Manager 2023.1.9 and prior versions allows users with restricted rights to bypass entry permission via id collision.

Affected Software

VendorProductVersion RangeStatus
DevolutionsRemote Desktop Manager0 <= 2023.1.9affected

Weaknesses

  • n/a

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References