CVE-2024-12149

CVSS 8.1 HIGH

📋 TL;DR

An authenticated user of Devolutions Remote Desktop Manager can request temporary access to an entry and be granted higher privileges than the ones requested, because the temporary access requests component assigns permissions incorrectly. Windows builds of Remote Desktop Manager 2024.3.19.0 and earlier are affected.

💻 Affected Systems

Products:
  • Devolutions Remote Desktop Manager
Versions: 2024.3.19.0 and earlier
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the temporary access requests component. Requires authenticated user access.

📦 What is this software?

Remote Desktop Manager is Devolutions' client for centralizing remote connections and the credentials used to open them; the entries it manages are the objects whose permissions this vulnerability affects.

⚠️ Risk & Real-World Impact

🔴

Worst Case

An authenticated user could escalate privileges to administrative levels, potentially gaining full control over the Remote Desktop Manager instance and accessing all managed credentials and connections.

🟠

Likely Case

Users with standard access could gain elevated permissions to view or modify entries they shouldn't have access to, leading to credential exposure or unauthorized system access.

🟢

If Mitigated

With proper access controls and monitoring, impact would be limited to temporary privilege misuse that could be detected and revoked.

🌐 Internet-Facing: LOW (requires authenticated access to the application)
🏢 Internal Only: HIGH (affects internal users with legitimate access to the system)

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires a valid account that can submit temporary access requests, but nothing beyond that: the attacker uses the feature as designed and receives more than was asked for.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2024.3.20.0 or later

Vendor Advisory: https://devolutions.net/security/advisories/DEVO-2024-0017

Restart Required: Yes (the application must be relaunched after the upgrade)

Instructions:

1. Download the latest Windows build of Remote Desktop Manager from the Devolutions website
2. Run the installer on each workstation to upgrade the existing installation; this is a client-side fix, so every install must be updated
3. Close and relaunch Remote Desktop Manager; it is a desktop application, so no reboot is needed

🔧 Temporary Workarounds

Disable temporary access requests (Windows)

Temporarily disable the temporary access requests feature so that no user can submit a request through the vulnerable component.

Navigate to Administration > Security Settings > Temporary Access and disable the feature. This removes the feature for every user of the data source, so legitimate just-in-time access requests will have to go through another channel until the upgrade is applied.

🧯 If You Can't Patch

  • Restrict user permissions to minimum required levels
  • Implement strict monitoring of permission changes and access logs

🔍 How to Verify

Check if Vulnerable:

Open Help > About in Remote Desktop Manager and compare the version number with 2024.3.20.0: anything lower on Windows is vulnerable.

Check Version:

Per workstation, Help > About is enough. Across a fleet, read the installed version from the Windows Uninstall registry keys or from the file version of the installed executable instead of opening the GUI on every host.

Verify Fix Applied:

Confirm that the version shown in Help > About (or read from the registry) is 2024.3.20.0 or later on every workstation.
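The fleet-side check, as an added PowerShell example that is not part of the advisory or of Devolutions' own tooling. It assumes the installer registers under the standard Windows Uninstall registry keys with a DisplayName containing "Remote Desktop Manager" and a DisplayVersion string, and that the main executable is named RemoteDesktopManager.exe under InstallLocation; both are assumptions to confirm against your packaging.

```powershell
# Added example (not from the advisory or from Devolutions): report installed Remote Desktop
# Manager builds on this host and whether each is at or above the fixed version.
# Assumptions: Uninstall registry entries with a DisplayName containing "Remote Desktop Manager"
# and a DisplayVersion string; main binary RemoteDesktopManager.exe under InstallLocation.

$FixedVersion = [version]'2024.3.20.0'

$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function ConvertTo-FourPartVersion {
    # Normalise "2024.3.20" and "2024.3.20.0" to the same [version]; otherwise a missing
    # revision (-1) compares as older than ".0" and a patched host is reported as vulnerable.
    param([string]$Text)
    $numeric = ($Text -split '[^0-9.]') | Where-Object { $_ -match '\d' } | Select-Object -First 1
    $parts = @($numeric -split '\.' | Where-Object { $_ -ne '' })
    while ($parts.Count -lt 4) { $parts += '0' }
    return [version](($parts | Select-Object -First 4) -join '.')
}

$installs = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*Remote Desktop Manager*' -and $_.DisplayVersion }

if (-not $installs) {
    Write-Output 'Remote Desktop Manager was not found in the Uninstall registry keys on this host.'
}

foreach ($app in $installs) {
    try {
        $registryVersion = ConvertTo-FourPartVersion $app.DisplayVersion
    } catch {
        Write-Warning "Cannot parse DisplayVersion '$($app.DisplayVersion)' for '$($app.DisplayName)'"
        continue
    }

    # Cross-check against the binary on disk: the registry can lag behind a partial upgrade.
    $fileVersion = $null
    if ($app.InstallLocation) {
        $exe = Join-Path $app.InstallLocation 'RemoteDesktopManager.exe'   # assumed file name
        if (Test-Path $exe) {
            try { $fileVersion = ConvertTo-FourPartVersion (Get-Item $exe).VersionInfo.FileVersion } catch { }
        }
    }

    # Treat the host as vulnerable if either source reports a version below the fix.
    $effective = @($registryVersion, $fileVersion) | Where-Object { $_ } | Sort-Object | Select-Object -First 1
    $fileText  = if ($fileVersion) { $fileVersion.ToString() } else { 'n/a' }
    $status    = if ($effective -ge $FixedVersion) { 'PATCHED' } else { 'VULNERABLE (CVE-2024-12149)' }

    [pscustomobject]@{
        Product         = $app.DisplayName
        RegistryVersion = $registryVersion.ToString()
        FileVersion     = $fileText
        Status          = $status
    }
}
```

Run it under a configuration-management or EDR script runner so every workstation reports back; the lower of the registry and on-disk versions decides the status, so a half-finished upgrade still shows as vulnerable.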

📡 Detection & Monitoring

Log Indicators:

  • Unusual permission escalation events
  • Multiple temporary access requests from same user
  • Access to entries outside normal user scope

Network Indicators:

  • None specific to this issue: the exploit is an in-application permission request rather than a network attack, so look at request and grant audit records instead of traffic

SIEM Query:

Search application and data source audit logs for temporary access request and grant events, then correlate request with grant per user and entry: alert when the granted permission level is higher than the requested one (the signature of this CVE), and when a single user submits several requests within a short window.
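The first two log indicators and the SIEM query above, as an added PowerShell example that is not part of the advisory or of any Devolutions product. The audit line format, field names and the View &lt; Execute &lt; Edit &lt; Administrator ordering are constructed for this example and must be mapped onto your real audit export; the third indicator (entries outside a user's normal scope) needs a per-user baseline and is not coded here.

```powershell
# Added detection example (not from the advisory or from Devolutions): apply the log indicators
# above to temporary access audit records. The log lines, field names and permission ordering
# below are constructed for this example; adapt $Pattern and $Rank to your real audit schema.

# Constructed sample: one line per temporary access grant.
$SampleLog = @'
2024-12-05T10:01:12Z user=alice event=TemporaryAccessGranted entry=PROD-SQL-01 requested=View granted=View
2024-12-05T10:01:40Z user=bob event=TemporaryAccessGranted entry=PROD-DC-01 requested=View granted=Administrator
2024-12-05T10:02:05Z user=bob event=TemporaryAccessGranted entry=PROD-FW-01 requested=Execute granted=Execute
2024-12-05T10:02:30Z user=bob event=TemporaryAccessGranted entry=PROD-SQL-01 requested=View granted=View
2024-12-05T10:03:10Z user=bob event=TemporaryAccessGranted entry=PROD-VPN-01 requested=View granted=Edit
2024-12-05T11:15:00Z user=carol event=TemporaryAccessGranted entry=DEV-WEB-01 requested=Edit granted=Edit
'@ -split "`r?`n"

# Assumed permission ordering, lowest to highest. Replace with the levels your data source uses.
$Rank      = @{ View = 1; Execute = 2; Edit = 3; Administrator = 4 }
$Window    = [timespan]::FromMinutes(5)   # burst detection window
$Threshold = 3                             # requests per user within $Window that warrant a look

$Pattern = '^(?<ts>\S+) user=(?<user>\S+) event=(?<event>\S+) entry=(?<entry>\S+) requested=(?<req>\S+) granted=(?<gr>\S+)$'

$events = foreach ($line in $SampleLog) {
    if ($line -match $Pattern) {
        [pscustomobject]@{
            Time      = [datetimeoffset]::Parse($Matches.ts, [cultureinfo]::InvariantCulture)
            User      = $Matches.user
            Event     = $Matches.event
            Entry     = $Matches.entry
            Requested = $Matches.req
            Granted   = $Matches.gr
        }
    }
}

# Indicator 1: the CVE's signature. A grant whose level is higher than the level requested.
$escalations = $events | Where-Object {
    $_.Event -eq 'TemporaryAccessGranted' -and
    $Rank.ContainsKey($_.Requested) -and $Rank.ContainsKey($_.Granted) -and
    $Rank[$_.Granted] -gt $Rank[$_.Requested]
}

# Indicator 2: many requests from one user in a short window (sliding window over sorted times).
$bursts = foreach ($group in ($events | Group-Object User)) {
    $sorted = @($group.Group | Sort-Object Time)
    $start = 0
    $peak  = 0
    for ($i = 0; $i -lt $sorted.Count; $i++) {
        while (($sorted[$i].Time - $sorted[$start].Time) -gt $Window) { $start++ }
        $peak = [math]::Max($peak, $i - $start + 1)
    }
    if ($peak -ge $Threshold) {
        [pscustomobject]@{ User = $group.Name; PeakRequests = $peak; WindowMinutes = $Window.TotalMinutes }
    }
}

'== Granted more than requested =='
$escalations | Format-Table Time, User, Entry, Requested, Granted -AutoSize
"== $Threshold or more temporary access requests within $($Window.TotalMinutes) minutes =="
$bursts | Format-Table -AutoSize
```

On the constructed sample the first table lists bob's two grants (View requested, Administrator and Edit granted) and the second flags bob with four requests inside the five-minute window; alice and carol trigger nothing. The granted-versus-requested comparison is the one to keep after patching too, since a recurrence of the bug shows up there before anyone notices it in the GUI.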

🔗 References

  • Devolutions advisory DEVO-2024-0017: https://devolutions.net/security/advisories/DEVO-2024-0017
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2024-12149