CVE-2023-1939

No access control for the OTP key

on OTP entries

 in Devolutions Remote Desktop Manager Windows 2022.3.33.0 and prior versions and Remote Desktop Manager Linux 2022.3.2.0 and prior versions allows non admin users to see OTP keys via the user interface.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
DEVOLUTIONSCNA
---
---
CVEADP
---
---
CISA-ADPADP
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
VendorProductVersion
devolutionsremote_desktop_manager
𝑥
≤ 2022.3.2.0
devolutionsremote_desktop_manager
𝑥
≤ 2022.3.33.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://devolutions.net/security/advisories/DEVO-2023-0009
https://devolutions.net/security/advisories/DEVO-2023-0009