CVE-2022-33995

7.5 HIGH

📋 TL;DR

This path traversal vulnerability in Devolutions Remote Desktop Manager lets an authenticated user create or overwrite arbitrary files on the host where RDM runs, with the privileges of the RDM process, by supplying crafted entry attachments whose name or path escapes the intended attachment location. It affects all versions before 2022.2 and can lead to file system compromise of the affected host.
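The flaw class described above, as an added illustrative example (Python, not Devolutions' code; RDM's real attachment handling is not public, and the function and directory names here are assumptions): a naive save that joins a client-supplied attachment name onto the attachment root, beside a hardened version that refuses anything other than a plain file name and then verifies that the resolved target still sits under the root.

```python
import os
import tempfile


def is_within(root: str, path: str) -> bool:
    """True when `path`, after resolving symlinks and '..', still sits under `root`."""
    root = os.path.realpath(root)
    path = os.path.realpath(path)
    try:
        return os.path.commonpath([root, path]) == root
    except ValueError:  # different drives on Windows: certainly not inside
        return False


def save_attachment_vulnerable(attachment_root: str, name: str, data: bytes) -> str:
    """Naive save that trusts the client-supplied attachment name.

    A name such as '../x' joins to a location outside attachment_root (CWE-22),
    so the caller can create or overwrite files wherever the process may write.
    """
    target = os.path.join(attachment_root, name)
    with open(target, "wb") as fh:
        fh.write(data)
    return target


def safe_attachment_path(attachment_root: str, name: str) -> str:
    """Hardened: accept only a plain file name, then re-check the resolved target.

    Rejecting separators up front stops '..' and absolute paths; the is_within()
    check is defence in depth in case the name filter is ever loosened.
    """
    if not name or "\x00" in name or name in (".", ".."):
        raise ValueError("invalid attachment name")
    if "/" in name or "\\" in name:
        raise ValueError("attachment name must not contain path separators")
    target = os.path.join(attachment_root, name)
    if not is_within(attachment_root, target):
        raise ValueError("attachment path escapes attachment root")
    return target


def demo() -> dict:
    """Run both variants in a throwaway directory (constructed layout, not RDM's)."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = os.path.realpath(tmp)
        root = os.path.join(tmp, "attachments")
        os.makedirs(root)
        evil_name = "../escaped.txt"  # lands one level above the attachment root
        written = save_attachment_vulnerable(root, evil_name, b"owned")
        results = {
            "vulnerable_escaped_root": not is_within(root, written),
            "vulnerable_wrote_to": os.path.relpath(os.path.realpath(written), tmp),
        }
        try:
            safe_attachment_path(root, evil_name)
            results["hardened_rejected"] = False
        except ValueError:
            results["hardened_rejected"] = True
        ok = safe_attachment_path(root, "report.pdf")
        results["hardened_accepts_plain_name"] = ok.endswith("report.pdf")
        return results


if __name__ == "__main__":
    print(demo())
```

The demonstration writes only inside a temporary directory that is removed afterwards; the escaped file ends up in the parent of the attachment root, which is exactly the effect the advisory describes, scaled down to a sandbox.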

💻 Affected Systems

Products:
  • Devolutions Remote Desktop Manager
Versions: All versions before 2022.2
Operating Systems: Windows, macOS, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments that use the entry attachments feature are vulnerable by default.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Arbitrary file creation or overwrite with the privileges of the RDM process, which can be turned into code execution (for example by writing to an autostart location), data destruction, or privilege escalation where RDM runs with elevated rights.

🟠

Likely Case

Unauthorized file creation or modification in directories writable by the RDM process, enabling persistence mechanisms or tampering with configuration files.

🟢

If Mitigated

Limited impact if proper file system permissions restrict write access to critical locations.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires authenticated access to the Remote Desktop Manager interface, since the attachment is supplied through the entry attachments feature; the files that can be written are limited to those the RDM process itself may write.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2022.2 and later

Vendor Advisory: https://devolutions.net

Restart Required: Yes

Instructions:

1. Download Remote Desktop Manager version 2022.2 or later from the Devolutions website.
2. Close all running Remote Desktop Manager instances.
3. Run the installer.
4. Start the application again and confirm the new version in Help > About.

🔧 Temporary Workarounds

Disable entry attachments

Platforms: all

Temporarily disable the entry attachments feature so the vulnerable code path cannot be reached.

Restrict file system permissions

Platforms: all

Apply strict file system permissions so that the account running the application can only write to the locations it needs.

🧯 If You Can't Patch

  • Implement strict access controls to limit who can use the entry attachments feature.
  • Monitor the file system for files created or modified by the RDM process outside its attachment storage directory, especially in sensitive locations.

🔍 How to Verify

Check if Vulnerable:

Check Remote Desktop Manager version in Help > About menu. If version is below 2022.2, system is vulnerable.

Check Version:

Not applicable - check via application GUI Help > About

Verify Fix Applied:

Confirm version is 2022.2 or higher in Help > About menu.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file creation or modification events attributed to the RDM process
  • Attachment names or paths containing traversal sequences ("../", "..\", or their URL-encoded forms such as "%2e%2e")

Network Indicators:

  • Unusual file upload patterns to entry attachments, such as a burst of uploads from one user

SIEM Query:

source="rdm_logs" AND (event="file_creation" OR event="file_modification") AND (path CONTAINS ".." OR path CONTAINS "%2e%2e" OR NOT path STARTSWITH "<attachment directory>")

The query is pseudo-syntax and depends on your log schema; matching ".." alone misses writes whose path was already normalized before it was logged, which is why the final clause compares the target against the expected attachment directory.
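The log and network indicators above, run as detection logic over constructed sample events (an added example; the JSON-lines schema, the attachment directory, the process name and every event here are assumptions, not real RDM log output). It flags raw and URL-encoded traversal sequences, writes whose normalized target falls outside the attachment root even when no ".." survives in the logged path, and a burst of attachment uploads from one user.

```python
import json
import ntpath
import re
from collections import Counter
from urllib.parse import unquote

# Assumed attachment root(s) and process name; the page does not state RDM's real layout.
ATTACHMENT_ROOTS = [r"C:\ProgramData\Devolutions\RDM\Attachments"]
RDM_PROCESS = "RemoteDesktopManager.exe"
UPLOAD_BURST_THRESHOLD = 5  # attachment uploads per user in the reviewed window

# Constructed sample events (invented schema), not real RDM log output.
SAMPLE_LOG = "\n".join([
    json.dumps({"event": "file_creation", "user": "alice", "process": RDM_PROCESS,
                "path": r"C:\ProgramData\Devolutions\RDM\Attachments\quarterly.pdf"}),
    json.dumps({"event": "file_creation", "user": "mallory", "process": RDM_PROCESS,
                "path": r"C:\ProgramData\Devolutions\RDM\Attachments\..\..\..\..\Windows\Tasks\evil.job"}),
    json.dumps({"event": "file_creation", "user": "mallory", "process": RDM_PROCESS,
                "path": r"C:\ProgramData\Devolutions\RDM\Attachments\%2e%2e%2f%2e%2e%2fUsers\Public\a.exe"}),
    # Path already normalized by the logging layer: no ".." left, but outside the root.
    json.dumps({"event": "file_modification", "user": "mallory", "process": RDM_PROCESS,
                "path": r"C:\Users\mallory\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\persist.exe"}),
    json.dumps({"event": "file_creation", "user": "alice", "process": "explorer.exe",
                "path": r"C:\Users\alice\Desktop\notes.txt"}),
] + [json.dumps({"event": "attachment_upload", "user": "mallory", "process": RDM_PROCESS,
                 "path": rf"C:\ProgramData\Devolutions\RDM\Attachments\f{i}.bin"}) for i in range(6)])

# A '..' segment delimited by either separator style, or at the start/end of the string.
TRAVERSAL_RE = re.compile(r"(^|[\\/])\.\.(?=[\\/]|$)")


def decode_path(path: str) -> str:
    """Undo up to two layers of URL-encoding so %2e%2e and %252e%252e both become '..'."""
    for _ in range(2):
        path = unquote(path)
    return path


def _canon(path: str) -> str:
    """Windows-style normalization (collapses '..' and mixed separators), case-folded."""
    return ntpath.normpath(decode_path(path)).lower()


def has_traversal(path: str) -> bool:
    """A traversal sequence is present in the path as logged (before normalization)."""
    return TRAVERSAL_RE.search(decode_path(path)) is not None


def outside_roots(path: str, roots=ATTACHMENT_ROOTS) -> bool:
    """The normalized target does not sit under any allowed attachment root."""
    target = _canon(path)
    return not any(target.startswith(_canon(r).rstrip("\\") + "\\") for r in roots)


def analyze(log_text: str) -> list:
    """Return one alert per suspicious RDM file event, plus per-user upload bursts."""
    alerts = []
    uploads = Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        if ev.get("process") != RDM_PROCESS:  # scope to writes made by RDM itself
            continue
        if ev["event"] in ("file_creation", "file_modification"):
            reasons = []
            if has_traversal(ev["path"]):
                reasons.append("traversal sequence")
            if outside_roots(ev["path"]):
                reasons.append("write outside attachment root")
            if reasons:
                alerts.append({"user": ev["user"], "path": ev["path"], "reasons": reasons})
        elif ev["event"] == "attachment_upload":
            uploads[ev["user"]] += 1
    for user, n in uploads.items():
        if n >= UPLOAD_BURST_THRESHOLD:
            alerts.append({"user": user, "path": None,
                           "reasons": [f"{n} attachment uploads in window"]})
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

The fourth sample event is the one a plain `path CONTAINS ".."` rule misses: the operating system or the logging layer has already collapsed the traversal, so only the comparison against the expected attachment root catches it.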
