{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-11621","assignerOrgId":"bfee16bd-18e6-446c-9a65-f5b2e3d89c23","state":"PUBLISHED","assignerShortName":"DEVOLUTIONS","dateReserved":"2024-11-22T13:56:59.218Z","datePublished":"2025-02-10T13:55:29.155Z","dateUpdated":"2025-02-12T15:17:11.387Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","platforms":["MacOS"],"product":"Remote Desktop Manager","vendor":"Devolutions","versions":[{"lessThanOrEqual":"2024.3.9.0","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","platforms":["Linux"],"product":"Remote Desktop Manager","vendor":"Devolutions","versions":[{"lessThanOrEqual":"2024.3.2.5","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","platforms":["Android"],"product":"Remote Desktop Manager","vendor":"Devolutions","versions":[{"lessThanOrEqual":"2024.3.3.7","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","platforms":["iOS"],"product":"Remote Desktop Manager","vendor":"Devolutions","versions":[{"lessThanOrEqual":"2024.3.3.0","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","platforms":["Powershell"],"product":"Remote Desktop Manager","vendor":"Devolutions","versions":[{"lessThanOrEqual":"2024.3.6.0","status":"affected","version":"0","versionType":"custom"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<div>Missing certificate validation in Devolutions Remote Desktop Manager on macOS, iOS, Android, Linux allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack.<br><br>Versions affected are :<br>Remote Desktop Manager macOS 2024.3.9.0 and earlier<br>Remote Desktop Manager Linux 2024.3.2.5 and earlier<br>Remote Desktop Manager Android  2024.3.3.7 and earlier<br>Remote Desktop Manager iOS 2024.3.3.0 and earlier</div><div>Remote Desktop Manager Powershell 2024.3.6.0 and earlier<br></div><br>"}],"value":"Missing certificate validation in Devolutions Remote Desktop Manager on macOS, iOS, Android, Linux allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack.\n\nVersions affected are :\nRemote Desktop Manager macOS 2024.3.9.0 and earlier\nRemote Desktop Manager Linux 2024.3.2.5 and earlier\nRemote Desktop Manager Android  2024.3.3.7 and earlier\nRemote Desktop Manager iOS 2024.3.3.0 and earlier\n\nRemote Desktop Manager Powershell 2024.3.6.0 and earlier"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-295","description":"CWE-295: Improper Certificate Validation","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"bfee16bd-18e6-446c-9a65-f5b2e3d89c23","shortName":"DEVOLUTIONS","dateUpdated":"2025-02-10T14:07:31.977Z"},"references":[{"url":"https://devolutions.net/security/advisories/DEVO-2025-0001/"}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":8.8,"attackVector":"NETWORK","baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","integrityImpact":"HIGH","userInteraction":"REQUIRED","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"NONE","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-02-10T15:38:05.343392Z","id":"CVE-2024-11621","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-02-12T15:17:11.387Z"}}]}}