CVE-2023-4373

9.8 CRITICAL

📋 TL;DR

This vulnerability in Devolutions Remote Desktop Manager allows users to bypass permission checks when using remote tools and macros, enabling unauthorized connections. It affects versions 2023.2.19 and earlier, potentially allowing privilege escalation or unauthorized access to remote systems.

💻 Affected Systems

Products:
  • Devolutions Remote Desktop Manager
Versions: 2023.2.19 and earlier
Operating Systems: Windows, macOS, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all installations that use the remote tools or macros feature.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could gain unauthorized access to sensitive remote systems, execute arbitrary commands, or steal credentials through privilege escalation.

🟠 Likely Case

Unauthorized users could access remote systems they shouldn't have permissions for, potentially leading to data exposure or lateral movement.

🟢 If Mitigated

With proper access controls and network segmentation, impact would be limited to unauthorized connections within permitted network segments.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires user access to the Remote Desktop Manager application but bypasses permission checks within the application.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2023.2.20 or later

Vendor Advisory: https://devolutions.net/security/advisories/DEVO-2023-0015/

Restart Required: Yes

Instructions:

1. Download the latest version from the Devolutions website.
2. Run the installer.
3. Restart Remote Desktop Manager.
4. Verify the version is 2023.2.20 or higher.

🔧 Temporary Workarounds

Disable Remote Tools Feature

Applies to: all

Temporarily disable the remote tools and macros functionality until patched.

Navigate to Tools > Options > Security and disable 'Enable remote tools' and 'Enable macros'.

🧯 If You Can't Patch

  • Restrict user permissions to only essential personnel
  • Implement network segmentation to isolate Remote Desktop Manager instances

🔍 How to Verify

Check if Vulnerable:

Check Help > About in Remote Desktop Manager for the version number. If the version is 2023.2.19 or earlier, the system is vulnerable.

Check Version:

In Remote Desktop Manager: Help > About

Verify Fix Applied:

Verify that the version shown in Help > About is 2023.2.20 or later.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected connection attempts via remote tools
  • Macro execution without proper permissions

Network Indicators:

  • Unusual RDP/VNC/SSH connections originating from Remote Desktop Manager hosts

SIEM Query:

source="RemoteDesktopManager" AND (event="UnauthorizedConnection" OR event="PermissionBypass")
