CVE-2024-1764

7.6 HIGH

📋 TL;DR

This vulnerability allows users of Devolutions Server to retain elevated privileges past the expiration time set when those privileges were granted. An attacker holding such a session could use it to keep unauthorized access to sensitive systems. Organizations running affected versions of Devolutions Server are at risk.

💻 Affected Systems

Products:
  • Devolutions Server
Versions: 2023.3.14.0 and earlier
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Affects deployments that use the JIT elevation module

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could maintain persistent administrative access to the Devolutions Server environment, potentially compromising all managed systems and credentials.

🟠 Likely Case

Authorized users accidentally or intentionally retain elevated privileges longer than intended, leading to privilege creep and potential policy violations.

🟢 If Mitigated

With proper monitoring and least privilege principles, impact is limited to temporary privilege retention that can be detected and revoked.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires authenticated user access to the Devolutions Server interface

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2023.3.15.0 or later

Vendor Advisory: https://devolutions.net/security/advisories/DEVO-2024-0002

Restart Required: Yes

Instructions:

1. Download the latest version from the Devolutions website.
2. Back up the current installation.
3. Run the installer with administrative privileges.
4. Restart the Devolutions Server service.

🔧 Temporary Workarounds

Disable JIT Elevation

Applies to: all

Temporarily disable Just-in-Time elevation functionality to prevent exploitation.

Navigate to Administration > Security > JIT Elevation Settings and disable the feature.

Manual Privilege Review

Applies to: all

Regularly audit and manually revoke elevated privileges.

Review user sessions and manually revoke elevated privileges through the administration interface.

🧯 If You Can't Patch

  • Implement strict session monitoring and alert on extended privilege usage
  • Enforce regular privilege reviews and manual revocation procedures

🔍 How to Verify

Check if Vulnerable:

Check the Devolutions Server version in Administration > About. If the version is 2023.3.14.0 or earlier, the system is vulnerable.

Check Version:

Check the version in the web interface at Administration > About. From PowerShell, the following command confirms that the service is installed and shows its state; note that it does not report the product version, so the About page remains the authoritative check: Get-Service DevolutionsServer | Select-Object -Property Name, DisplayName, Status

Verify Fix Applied:

Verify that the version shown in Administration > About is 2023.3.15.0 or later, then confirm that JIT elevations actually expire: grant a short-lived elevation and check that it is revoked once its expiration time passes.

📡 Detection & Monitoring

Log Indicators:

  • Extended privilege sessions beyond configured expiration times
  • Multiple privilege elevation requests from same user

Network Indicators:

  • Unusual authentication patterns to privileged resources

SIEM Query:

source="devolutions_server" AND (event_type="privilege_elevation" AND duration>expiration_time)
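Detection logic for the two log indicators above, as an added example that is not from this advisory or from Devolutions: it scans constructed JIT elevation audit records (the field names user, granted_at, expires_at and revoked_at are assumed; map your own Devolutions Server audit export onto them) and reports elevations held past their expiry, including ones that never expired at all, plus users with repeated elevation grants.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample audit records (not a real Devolutions export); field
# names are assumed. revoked_at is None while the elevation is still active.
SAMPLE_EVENTS = [
    {"user": "alice", "granted_at": "2024-02-20T09:00:00",
     "expires_at": "2024-02-20T10:00:00", "revoked_at": "2024-02-20T09:58:00"},
    {"user": "bob", "granted_at": "2024-02-20T09:10:00",
     "expires_at": "2024-02-20T10:10:00", "revoked_at": "2024-02-20T13:45:00"},
    {"user": "carol", "granted_at": "2024-02-20T08:00:00",
     "expires_at": "2024-02-20T09:00:00", "revoked_at": None},
    {"user": "bob", "granted_at": "2024-02-20T14:00:00",
     "expires_at": "2024-02-20T15:00:00", "revoked_at": "2024-02-20T14:30:00"},
]
# Constructed "current time" used when evaluating still-active elevations.
SAMPLE_NOW = datetime(2024, 2, 20, 16, 0, 0)


def find_overstayed_elevations(events, now, grace=timedelta(minutes=5)):
    """Return (user, overrun) for elevations held past expires_at + grace.

    A still-active elevation (revoked_at is None) is measured against `now`,
    so a grant that silently never expired is flagged as well.
    """
    findings = []
    for e in events:
        expires = datetime.fromisoformat(e["expires_at"])
        ended = datetime.fromisoformat(e["revoked_at"]) if e["revoked_at"] else now
        overrun = ended - expires
        if overrun > grace:
            findings.append((e["user"], overrun))
    return findings


def repeat_requesters(events, threshold=2):
    """Users with at least `threshold` elevation grants in the record set."""
    counts = Counter(e["user"] for e in events)
    return sorted(u for u, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    for user, overrun in find_overstayed_elevations(SAMPLE_EVENTS, SAMPLE_NOW):
        print(f"ALERT overstayed elevation: {user} kept privileges {overrun} past expiry")
    for user in repeat_requesters(SAMPLE_EVENTS):
        print(f"REVIEW repeated elevation requests: {user}")
```

Feed real records in batches (for example one day of audit events) and tune the grace period to your revocation job's interval so normal cleanup latency is not reported.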
