nvd-json-data-feeds/CVE-2024/CVE-2024-116xx/CVE-2024-11672.json

{
  "id": "CVE-2024-11672",
  "sourceIdentifier": "security@devolutions.net",
  "published": "2024-11-25T15:15:07.180",
  "lastModified": "2024-11-25T17:15:12.110",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Incorrect authorization in the add permission component in Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows an authenticated malicious user to bypass the \"Add\" permission via the import in vault feature."
    },
    {
      "lang": "es",
      "value": "La autorizaci\u00f3n incorrecta en el componente de agregar permiso en Devolutions Remote Desktop Manager 2024.2.21 y versiones anteriores en Windows permite que un usuario malintencionado autenticado omita el permiso \"Agregar\" a trav\u00e9s de la funci\u00f3n de importaci\u00f3n en b\u00f3veda."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4
      }
    ]
  },
  "weaknesses": [
    {
      "source": "security@devolutions.net",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://devolutions.net/security/advisories/DEVO-2024-0016",
      "source": "security@devolutions.net"
    }
  ]
}