CVE-2023-1939 Report - Details, Severity, & Advisories

Twingate Team

May 13, 2024

CVE-2023-1939 is a medium-severity vulnerability affecting certain versions of Devolutions Remote Desktop Manager on Windows and Linux platforms. The issue stems from a lack of access control for OTP keys, allowing non-admin users to view these keys through the user interface. To address this vulnerability, users are advised to upgrade their Remote Desktop Manager software to the latest versions.

How do I know if I'm affected?

To determine whether you're affected by this vulnerability, check whether you're using Devolutions Remote Desktop Manager on Windows or Linux. Specifically, Windows versions up to and including 2022.3.33.0 and Linux versions up to and including 2022.3.2.0 are affected. This vulnerability allows non-admin users to view OTP keys through the user interface due to a lack of access control.

What should I do if I'm affected?

If you're affected by CVE-2023-1939, follow these steps. First, check whether you're using an affected version of Devolutions Remote Desktop Manager on Windows or Linux. If so, upgrade your software to the latest version: for Windows, update to 2022.3.34 or higher, and for Linux, update to 2022.3.2.1 or higher. This will help secure your system and prevent unauthorized access to OTP keys.
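The version check described above can be run across an inventory. The following is an added example, not code from Twingate or Devolutions: host names and the inventory are constructed, the status labels are hypothetical, and it assumes every build at or below the last affected version is affected, since the page gives no lower bound.

```python
from itertools import zip_longest

# Bounds from the advisory text; no lower bound is given, so older builds count as affected (assumption).
RANGES = {
    "windows": {"last_affected": "2022.3.33.0", "first_fixed": "2022.3.34"},
    "linux": {"last_affected": "2022.3.2.0", "first_fixed": "2022.3.2.1"},
}

# Constructed sample inventory: (host, platform, reported RDM version).
INVENTORY = [
    ("ws-01", "windows", "2022.3.33.0"),
    ("ws-02", "windows", "2022.3.34"),
    ("ws-03", "windows", "2022.3.9.0"),   # a plain string compare ranks this above 2022.3.33.0
    ("ws-04", "windows", "2022.3.33.5"),  # between last affected and first fixed
    ("ws-05", "windows", "unknown build"),
    ("lx-01", "linux", "2022.3.2.0"),
    ("lx-02", "linux", "2022.3.2.1"),
]

def parse_version(text):
    """Turn '2022.3.33.0' into (2022, 3, 33, 0); reject non-numeric input."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def compare(a, b):  # returns -1, 0 or 1; the shorter version is zero-padded
    for x, y in zip_longest(parse_version(a), parse_version(b), fillvalue=0):
        if x != y:
            return -1 if x < y else 1
    return 0

def assess(platform, version):
    bounds = RANGES.get(platform.lower())
    if bounds is None:
        return "unknown"  # platform not covered by the advisory text
    try:
        if compare(version, bounds["last_affected"]) <= 0:
            return "affected"
        if compare(version, bounds["first_fixed"]) >= 0:
            return "fixed"
    except ValueError:
        return "unknown"  # version string could not be parsed
    return "review"  # the page does not say which side of the fix this build is on

def triage(inventory):
    return {host: assess(platform, version) for host, platform, version in inventory}

if __name__ == "__main__":
    print(triage(INVENTORY))
```

Hosts reported as "review" or "unknown" need a manual check against the vendor advisory before they are treated as patched.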

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

CVE-2023-1939 is not listed in CISA's Known Exploited Vulnerabilities Catalog. The vulnerability, named "No access control for the OTP key on OTP entries", was added to the National Vulnerability Database on 04/11/2023. There is no due date or required action provided, but upgrading to the latest version of Devolutions Remote Desktop Manager is recommended to mitigate the issue.

Weakness enumeration

The Weakness Enumeration for this vulnerability is categorized as CWE-732, which refers to incorrect permission assignment for critical resources.

For more details

For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the resource listed below.
