{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-11621", "assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "state": "PUBLISHED", "assignerShortName": "DEVOLUTIONS", "dateReserved": "2024-11-22T13:56:59.218Z", "datePublished": "2025-02-10T13:55:29.155Z", "dateUpdated": "2025-02-12T15:17:11.387Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["MacOS"], "product": "Remote Desktop Manager", "vendor": "Devolutions", "versions": [{"lessThanOrEqual": "2024.3.9.0", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "platforms": ["Linux"], "product": "Remote Desktop Manager", "vendor": "Devolutions", "versions": [{"lessThanOrEqual": "2024.3.2.5", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "platforms": ["Android"], "product": "Remote Desktop Manager", "vendor": "Devolutions", "versions": [{"lessThanOrEqual": "2024.3.3.7", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "platforms": ["iOS"], "product": "Remote Desktop Manager", "vendor": "Devolutions", "versions": [{"lessThanOrEqual": "2024.3.3.0", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "platforms": ["Powershell"], "product": "Remote Desktop Manager", "vendor": "Devolutions", "versions": [{"lessThanOrEqual": "2024.3.6.0", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div>Missing certificate validation in Devolutions Remote Desktop Manager on macOS, iOS, Android, Linux allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack.<br><br>Versions affected are :<br>Remote Desktop Manager macOS 2024.3.9.0 and earlier<br>Remote Desktop Manager Linux 2024.3.2.5 and earlier<br>Remote Desktop Manager Android 2024.3.3.7 and earlier<br>Remote Desktop Manager iOS 2024.3.3.0 and earlier</div><div>Remote Desktop Manager Powershell 2024.3.6.0 and earlier<br></div><br>"}], "value": "Missing certificate validation in Devolutions Remote Desktop Manager on macOS, iOS, Android, Linux allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack.\n\nVersions affected are :\nRemote Desktop Manager macOS 2024.3.9.0 and earlier\nRemote Desktop Manager Linux 2024.3.2.5 and earlier\nRemote Desktop Manager Android 2024.3.3.7 and earlier\nRemote Desktop Manager iOS 2024.3.3.0 and earlier\n\nRemote Desktop Manager Powershell 2024.3.6.0 and earlier"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-295", "description": "CWE-295: Improper Certificate Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "shortName": "DEVOLUTIONS", "dateUpdated": "2025-02-10T14:07:31.977Z"}, "references": [{"url": "https://devolutions.net/security/advisories/DEVO-2025-0001/"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-02-10T15:38:05.343392Z", "id": "CVE-2024-11621", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-12T15:17:11.387Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-11621", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-10T15:38:05.343392Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-10T15:37:58.735Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "Devolutions", "product": "Remote Desktop Manager", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "2024.3.9.0"}], "platforms": ["MacOS"], "defaultStatus": "unaffected"}, {"vendor": "Devolutions", "product": "Remote Desktop Manager", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "2024.3.2.5"}], "platforms": ["Linux"], "defaultStatus": "unaffected"}, {"vendor": "Devolutions", "product": "Remote Desktop Manager", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "2024.3.3.7"}], "platforms": ["Android"], "defaultStatus": "unaffected"}, {"vendor": "Devolutions", "product": "Remote Desktop Manager", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "2024.3.3.0"}], "platforms": ["iOS"], "defaultStatus": "unaffected"}, {"vendor": "Devolutions", "product": "Remote Desktop Manager", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "2024.3.6.0"}], "platforms": ["Powershell"], "defaultStatus": "unaffected"}], "references": [{"url": "https://devolutions.net/security/advisories/DEVO-2025-0001/"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Missing certificate validation in Devolutions Remote Desktop Manager on macOS, iOS, Android, Linux allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack.\n\nVersions affected are :\nRemote Desktop Manager macOS 2024.3.9.0 and earlier\nRemote Desktop Manager Linux 2024.3.2.5 and earlier\nRemote Desktop Manager Android 2024.3.3.7 and earlier\nRemote Desktop Manager iOS 2024.3.3.0 and earlier\n\nRemote Desktop Manager Powershell 2024.3.6.0 and earlier", "supportingMedia": [{"type": "text/html", "value": "<div>Missing certificate validation in Devolutions Remote Desktop Manager on macOS, iOS, Android, Linux allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack.<br><br>Versions affected are :<br>Remote Desktop Manager macOS 2024.3.9.0 and earlier<br>Remote Desktop Manager Linux 2024.3.2.5 and earlier<br>Remote Desktop Manager Android 2024.3.3.7 and earlier<br>Remote Desktop Manager iOS 2024.3.3.0 and earlier</div><div>Remote Desktop Manager Powershell 2024.3.6.0 and earlier<br></div><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-295", "description": "CWE-295: Improper Certificate Validation"}]}], "providerMetadata": {"orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "shortName": "DEVOLUTIONS", "dateUpdated": "2025-02-10T14:07:31.977Z"}}}, "cveMetadata": {"cveId": "CVE-2024-11621", "state": "PUBLISHED", "dateUpdated": "2025-02-12T15:17:11.387Z", "dateReserved": "2024-11-22T13:56:59.218Z", "assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "datePublished": "2025-02-10T13:55:29.155Z", "assignerShortName": "DEVOLUTIONS"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:*:linux:*:*", "matchCriteriaId": "CDD63147-B8F0-4E3A-B918-4E48099C59C0", "versionEndExcluding": "2024.3.2.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:*:iphone_os:*:*", "matchCriteriaId": "28CF225A-4283-4E40-8C8E-A96F876FBC0F", "versionEndExcluding": "2024.3.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:*:android:*:*", "matchCriteriaId": "BFF11BD1-8E0E-4C36-BE92-1021A528A52E", "versionEndExcluding": "2024.3.4.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:*:macos:*:*", "matchCriteriaId": "3CCF282D-0E3B-4AD1-8327-550CA6E3F3A0", "versionEndExcluding": "2024.3.10.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:devolutions:remote_desktop_manager_powershell:*:*:*:*:*:*:*:*", "matchCriteriaId": "7A58AC78-3998-411F-8935-EE6AE0C13E55", "versionEndExcluding": "2024.3.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Missing certificate validation in Devolutions Remote Desktop Manager on macOS, iOS, Android, Linux allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack.\n\nVersions affected are :\nRemote Desktop Manager macOS 2024.3.9.0 and earlier\nRemote Desktop Manager Linux 2024.3.2.5 and earlier\nRemote Desktop Manager Android 2024.3.3.7 and earlier\nRemote Desktop Manager iOS 2024.3.3.0 and earlier\n\nRemote Desktop Manager Powershell 2024.3.6.0 and earlier"}, {"lang": "es", "value": "La falta de validaci\u00f3n de certificados en Devolutions Remote Desktop Manager en macOS, iOS, Android y Linux permite que un atacante intercepte y modifique las comunicaciones cifradas mediante un ataque de intermediario. Las versiones afectadas son: Remote Desktop Manager macOS 2024.3.9.0 y anteriores Remote Desktop Manager Linux 2024.3.2.5 y anteriores Remote Desktop Manager Android 2024.3.3.7 y anteriores Remote Desktop Manager iOS 2024.3.3.0 y anteriores Remote Desktop Manager Powershell 2024.3.6.0 y anteriores"}], "id": "CVE-2024-11621", "lastModified": "2025-03-28T16:20:47.230", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-02-10T14:15:29.490", "references": [{"source": "security@devolutions.net", "tags": ["Vendor Advisory"], "url": "https://devolutions.net/security/advisories/DEVO-2025-0001/"}], "sourceIdentifier": "security@devolutions.net", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "security@devolutions.net", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-295"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}