CVE-2023-7047

CVSS v3 4.4 MEDIUM

4.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 2.5

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

Inadequate validation of permissions when employing remote tools and macros via the context menu within Devolutions Remote Desktop Manager versions 2023.3.31 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature. This affects only SQL data sources.

References

Link	Resource
https://devolutions.net/security/advisories/DEVO-2023-0024/	Vendor Advisory
https://devolutions.net/security/advisories/DEVO-2023-0024/	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

21 Nov 2024, 08:45

Type	Values Removed	Values Added
References	~~() https://devolutions.net/security/advisories/DEVO-2023-0024/ - Vendor Advisory~~	() https://devolutions.net/security/advisories/DEVO-2023-0024/ - Vendor Advisory

29 Oct 2024, 17:35

Type	Values Removed	Values Added
CWE		CWE-863

Information

Published : 2023-12-21 15:15

Updated : 2024-11-21 08:45

NVD link : CVE-2023-7047

Mitre link : CVE-2023-7047

CVE.ORG link : CVE-2023-7047

JSON object : View

Products Affected

devolutions

remote_desktop_manager

windows

CWE

NVD-CWE-noinfo CWE-863

Incorrect Authorization

{"id": "CVE-2023-7047", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 1.8}]}, "published": "2023-12-21T15:15:14.427", "references": [{"url": "https://devolutions.net/security/advisories/DEVO-2023-0024/", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://devolutions.net/security/advisories/DEVO-2023-0024/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "\nInadequate validation of permissions when employing remote tools and \nmacros via the context menu within Devolutions Remote Desktop Manager versions 2023.3.31 and \nearlier permits a user to initiate a connection without proper execution\n rights via the remote tools feature. This affects only SQL data sources.\n"}, {"lang": "es", "value": "La validaci\u00f3n inadecuada de permisos al emplear herramientas remotas y macros a trav\u00e9s del men\u00fa contextual dentro de las versiones 2023.3.31 y anteriores de Devolutions Remote Desktop Manager permite a un usuario iniciar una conexi\u00f3n sin los derechos de ejecuci\u00f3n adecuados a trav\u00e9s de la funci\u00f3n de herramientas remotas. Esto afecta s\u00f3lo a las fuentes de datos SQL."}], "lastModified": "2024-11-21T08:45:07.427", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "54C810F3-599E-44AD-ABF9-B63C828D2868", "versionEndIncluding": "2023.3.31.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}