CVE-2021-36382

EUVD-2021-22998
Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept private keys via a man-in-the-middle attack against the connections/partial endpoint (which accepts cleartext).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.6 LOW
ADJACENT_NETWORK
HIGH
NONE
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
mitreCNA
2.6 LOW
ADJACENT_NETWORK
HIGH
NONE
CVSS:3.1/AC:H/AV:A/A:N/C:L/I:N/PR:N/S:U/UI:R
Base Score
CVSS 3.x
EPSS Score
Percentile: 32%
Affected Products (NVD)
VendorProductVersion
devolutionsdevolutions_server
𝑥
< 2020.3.20
devolutionsdevolutions_server
𝑥
< 2021.1.18
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://devolutions.net/security/advisories/DEVO-2021-0005
https://devolutions.net/security/advisories/DEVO-2021-0005