CVE-2024-11672 - AskarLabs CVE Database

CVE-2024-11672

Vendor Devolutions

Product Remote Desktop Manager

Weakness CWE-863 · Incorrect authorization

Published November 25, 2024

Last update November 25, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Incorrect authorization in the add permission component in Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows an authenticated malicious user to bypass the "Add" permission via the import in vault feature.

Key dates

02Disclosure timeline

November 25, 2024 CVE published

November 25, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-11672

Related vulnerabilities

04Related CVE

CVE-2026-7387 Mattermost group syncable endpoints allow privilege escalation via scheme_admin CVE-2025-48475 FreeScout Vulnerable to Insufficient Authorization CVE-2021-24917 WPS Hide Login < 1.9.1 - Protection Bypass with Referer-Header CVE-2026-44283 etcd: Read access via PrevKv in etcd transactions may bypass RBAC authorization checks CVE-2025-2424 Leaked Metadata of Deleted Files via Bookmark Creation