CVE-2021-42098

8.8 HIGH

📋 TL;DR

This vulnerability in Devolutions Remote Desktop Manager allows attackers to bypass permission checks via batch custom PowerShell scripts. Attackers could execute unauthorized actions that should be restricted by user permissions. Organizations using affected versions of Remote Desktop Manager are at risk.

💻 Affected Systems

Products:
  • Devolutions Remote Desktop Manager
Versions: All versions before 2021.2.16
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all deployments using batch custom PowerShell functionality with permission checks.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could gain unauthorized access to sensitive systems and credentials managed by Remote Desktop Manager, potentially leading to lateral movement and full network compromise.

🟠 Likely Case

Privilege escalation within Remote Desktop Manager allowing unauthorized access to credentials and connections that should be restricted.

🟢 If Mitigated

Limited impact with proper network segmentation and least privilege access controls in place.

🌐 Internet-Facing: MEDIUM - While the application itself may be internet-facing, exploitation typically requires some level of access to the system.
🏢 Internal Only: HIGH - This is primarily an internal application vulnerability that could be exploited by malicious insiders or attackers who have gained initial access.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires some level of access to the system but the bypass mechanism is straightforward once access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2021.2.16 and later

Vendor Advisory: https://devolutions.net/security/advisories/DEVO-2021-0006

Restart Required: Yes

Instructions:

1. Download and install Remote Desktop Manager version 2021.2.16 or later from the Devolutions website.
2. Close all Remote Desktop Manager instances.
3. Run the installer.
4. Restart the application.

🔧 Temporary Workarounds

Disable batch custom PowerShell

Temporarily disable batch custom PowerShell functionality until patching can be completed.

Navigate to Administration > Security > Security Settings > Disable 'Allow batch custom PowerShell'

🧯 If You Can't Patch

  • Implement strict access controls and monitor for unusual PowerShell execution patterns
  • Segment Remote Desktop Manager systems from critical infrastructure and implement network monitoring

🔍 How to Verify

Check if Vulnerable:

Check Remote Desktop Manager version in Help > About. If version is below 2021.2.16, the system is vulnerable.

Check Version:

In Remote Desktop Manager: Help > About displays current version

Verify Fix Applied:

Verify version is 2021.2.16 or higher in Help > About and test permission enforcement on batch PowerShell entries.
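
The version check above can be run across many hosts instead of opening Help > About on each one. The script below is an added example, not code from Devolutions or from this advisory; it assumes the product registers a Windows uninstall entry whose DisplayName contains "Remote Desktop Manager" (the name pattern and the helper Test-RdmVulnerable are hypothetical and should be adjusted to your inventory).

```powershell
# Added example: flag Remote Desktop Manager installs older than the fixed build.
# Assumption: the uninstall entry's DisplayName contains "Remote Desktop Manager".
$FixedVersion = [version]'2021.2.16'
$NamePattern  = '*Remote Desktop Manager*'

function Test-RdmVulnerable {
    param([Parameter(Mandatory)][string]$DisplayVersion)
    # Compare as [version], not as text: the string "2021.2.9" sorts after
    # "2021.2.16", which would wrongly report an old build as fixed.
    $parsed = $null
    if (-not [version]::TryParse($DisplayVersion.Trim(), [ref]$parsed)) {
        return $null   # unparseable value: needs a manual check
    }
    return ($parsed -lt $FixedVersion)
}

# Machine-wide (64-bit and 32-bit views) and per-user uninstall entries.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$found = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like $NamePattern -and $_.DisplayVersion }

foreach ($app in $found) {
    $vuln = Test-RdmVulnerable -DisplayVersion $app.DisplayVersion
    if ($null -eq $vuln) { $status = 'UNKNOWN (check Help > About)' }
    elseif ($vuln)       { $status = 'VULNERABLE (below 2021.2.16)' }
    else                 { $status = 'FIXED' }

    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Name     = $app.DisplayName
        Version  = $app.DisplayVersion
        Status   = $status
    }
}

if (-not $found) {
    Write-Output "No Remote Desktop Manager uninstall entry found on $env:COMPUTERNAME"
}
```

A FIXED result only confirms the installed version; permission enforcement on batch PowerShell entries still has to be tested in the application as described above.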

📡 Detection & Monitoring

Log Indicators:

  • Unusual PowerShell execution patterns in Remote Desktop Manager logs
  • Permission bypass attempts in security logs

Network Indicators:

  • Unexpected connections from Remote Desktop Manager systems to sensitive targets

SIEM Query:

source="RemoteDesktopManager" AND (event_type="PowerShell_execution" OR event_type="permission_bypass")
