CVE-2024-11670 - AskarLabs CVE Database

CVE-2024-11670

Vendor Devolutions

Product Remote Desktop Manager

Weakness CWE-863 · Incorrect authorization

Published November 25, 2024

Last update November 25, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Incorrect authorization in the permission validation component of Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows a malicious authenticated user to bypass the "View Password" permission via specific actions.

Key dates

02Disclosure timeline

November 25, 2024 CVE published

November 25, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-11670 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/863.html

Related vulnerabilities

04Related CVE

CVE-2023-41882 vantage6 Improper Access Control vulnerability CVE-2026-25232 Gogs has a Protected Branch Deletion Bypass in Web Interface CVE-2025-6549 Junos OS: SRX Series: J-Web can be exposed on additional interfaces CVE-2019-3827 CVE-2025-64421 Coolify has a privilege escalation - low privileged user can invite themselves as an admin user