CVE-2024-5072

6.5 MEDIUM

📋 TL;DR

This vulnerability allows authenticated users with PAM JIT elevation access in Devolutions Server to manipulate LDAP filter queries through crafted requests. Attackers could potentially access unauthorized data or escalate privileges. Affected systems are Devolutions Server installations at version 2024.1.11.0 or earlier with PAM JIT elevation enabled.

💻 Affected Systems

Products:
  • Devolutions Server
Versions: 2024.1.11.0 and earlier
Operating Systems: Windows, Linux
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when the PAM JIT elevation feature is enabled and configured with LDAP integration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

An authenticated attacker could manipulate LDAP queries to access sensitive directory information, escalate privileges, or potentially compromise the entire LDAP directory structure.

🟠

Likely Case

Authenticated users with PAM JIT access could bypass intended access controls to view unauthorized LDAP directory information or user attributes.

🟢

If Mitigated

With proper input validation and query sanitization, the vulnerability would be prevented, maintaining proper access controls and data segregation.
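The sanitization described above, as an added example that is not code from this advisory or from Devolutions. It applies RFC 4515 filter escaping and an input allowlist to a hypothetical PAM JIT account lookup; the function names, the sAMAccountName allowlist and the displayName lookup are all assumptions made for illustration.

```python
"""Added example, not code from the advisory or from Devolutions: the
"proper input validation and query sanitization" of the mitigated case,
applied to a hypothetical PAM JIT account lookup.

Everything below (function names, the sAMAccountName allowlist, the
displayName lookup) is an assumption used for illustration."""

import re

# RFC 4515 section 3: characters that must be escaped inside an assertion value.
# Escaping is done per character, so the backslash entry never re-escapes
# output this function has already produced.
_LDAP_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied string for use as an LDAP filter assertion value."""
    return "".join(_LDAP_FILTER_ESCAPES.get(ch, ch) for ch in value)


# Assumed allowlist for an account name: letters, digits, dot, dash, underscore.
_ACCOUNT_NAME_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")


def is_valid_account_name(account: str) -> bool:
    """An account name never legitimately needs LDAP filter metacharacters."""
    return _ACCOUNT_NAME_RE.fullmatch(account) is not None


def build_user_filter_unsafe(account: str) -> str:
    """The defect class behind the advisory: raw interpolation lets filter
    metacharacters in the input change the structure of the query."""
    return f"(&(objectClass=user)(sAMAccountName={account}))"


def build_user_filter_safe(account: str) -> str:
    """Allowlist first, then escape anyway as defence in depth."""
    if not is_valid_account_name(account):
        raise ValueError("account name contains characters outside the allowlist")
    return f"(&(objectClass=user)(sAMAccountName={escape_filter_value(account)}))"


def build_displayname_filter(name: str) -> str:
    """Free-text field where an allowlist would be too strict: escaping alone
    keeps parentheses, asterisks and backslashes as literal data."""
    return f"(displayName={escape_filter_value(name)})"


if __name__ == "__main__":
    # Constructed inputs: one normal account name, one carrying filter syntax.
    for sample in ("jdoe", "jdoe)(objectClass=*"):
        print("unsafe:", build_user_filter_unsafe(sample))
        try:
            print("safe:  ", build_user_filter_safe(sample))
        except ValueError as exc:
            print("safe:   rejected:", exc)
    print(build_displayname_filter("O'Brien (Admin)"))
```

The allowlist is the primary control for fields with a known shape; escaping is what protects fields that legitimately contain parentheses or asterisks, and it costs nothing to apply both.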

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires authenticated access to the PAM JIT elevation feature and knowledge of LDAP query manipulation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2024.1.12.0 or later

Vendor Advisory: https://devolutions.net/security/advisories/DEVO-2024-0007

Restart Required: Yes

Instructions:

1. Download Devolutions Server 2024.1.12.0 or later from official sources.
2. Back up the current configuration and database.
3. Run the installer to upgrade.
4. Restart Devolutions Server services.
5. Verify functionality post-upgrade.

🔧 Temporary Workarounds

Disable PAM JIT Elevation

all

Temporarily disable the PAM JIT elevation feature until patching is possible.

Navigate to Devolutions Server Admin Console > Security Settings > PAM Settings > Disable JIT Elevation

Restrict PAM JIT Access

all

Limit which users have access to the PAM JIT elevation feature to reduce the attack surface.

Navigate to Devolutions Server Admin Console > User Management > Edit user permissions > Remove PAM JIT elevation access

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Devolutions Server from sensitive LDAP directories
  • Enable detailed logging and monitoring for all PAM JIT elevation activities and LDAP queries

🔍 How to Verify

Check if Vulnerable:

Check the Devolutions Server version in Admin Console > About. If the version is 2024.1.11.0 or earlier and PAM JIT elevation is enabled, the system is vulnerable.

Check Version:

In Devolutions Server Admin Console, navigate to Help > About to view version information.

Verify Fix Applied:

Verify version is 2024.1.12.0 or later in Admin Console > About. Test PAM JIT elevation functionality with various inputs to ensure proper input validation.

📡 Detection & Monitoring

Log Indicators:

  • Unusual LDAP query patterns from PAM JIT elevation
  • Multiple failed or malformed LDAP filter attempts
  • Unexpected privilege elevation events

Network Indicators:

  • Unusual LDAP traffic volume from Devolutions Server
  • LDAP queries with unexpected filter parameters

SIEM Query:

source="devolutions-server" AND (event_type="pam_jit_elevation" OR ldap_query="*") AND (filter_contains="*" OR query_length>threshold)
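The log and network indicators above as working detection logic, added here as an example and not taken from the advisory or from Devolutions. The log line format, field names, the expected attribute set for a JIT lookup and the length threshold are all assumptions; the sample log lines are constructed.

```python
"""Added example, not from the advisory or from Devolutions: the SIEM query
above in working form, run over constructed log lines.

Assumptions: an audit log in "key=value" form with the fields ts, event_type,
user and ldap_filter; a JIT elevation lookup that only ever asserts on
objectClass and sAMAccountName; a length threshold of 200 characters."""

import re
from dataclasses import dataclass

MAX_FILTER_LENGTH = 200                               # assumed threshold
EXPECTED_ATTRS = {"objectClass", "sAMAccountName"}    # assumed shape of the lookup

LINE_RE = re.compile(r"^ts=(\S+) event_type=(\S+) user=(\S+) ldap_filter=(\S*)$")
# One simple assertion: "(attr=value)", also matching ~=, >=, <= comparators.
ASSERTION_RE = re.compile(r"\(([A-Za-z][\w.;-]*)(?:~=|>=|<=|=)([^()]*)\)")

# Constructed sample log (not real Devolutions output).
SAMPLE_LOG = """\
ts=2024-05-20T10:00:01Z event_type=pam_jit_elevation user=jdoe ldap_filter=(&(objectClass=user)(sAMAccountName=jdoe))
ts=2024-05-20T10:00:05Z event_type=pam_jit_elevation user=asmith ldap_filter=(&(objectClass=user)(sAMAccountName=asmith))
ts=2024-05-20T10:01:10Z event_type=pam_jit_elevation user=jdoe ldap_filter=(&(objectClass=user)(sAMAccountName=*))
ts=2024-05-20T10:01:12Z event_type=pam_jit_elevation user=jdoe ldap_filter=(&(objectClass=user)(sAMAccountName=jdoe)(memberOf=*))
ts=2024-05-20T10:02:00Z event_type=login user=bob ldap_filter=
ts=2024-05-20T10:03:30Z event_type=pam_jit_elevation user=eve ldap_filter=(&(objectClass=user)(sAMAccountName=eve)(
"""


@dataclass
class Alert:
    line_no: int
    user: str
    reason: str


def check_filter(ldap_filter: str) -> list[str]:
    """Return the reasons a JIT elevation filter looks unexpected or malformed."""
    reasons = []
    if ldap_filter.count("(") != ldap_filter.count(")"):
        reasons.append("unbalanced parentheses (malformed filter)")
    if len(ldap_filter) > MAX_FILTER_LENGTH:
        reasons.append(f"filter length {len(ldap_filter)} exceeds {MAX_FILTER_LENGTH}")
    for attr, value in ASSERTION_RE.findall(ldap_filter):
        if attr not in EXPECTED_ATTRS:
            reasons.append(f"unexpected attribute {attr!r} in filter")
        if "*" in value:
            reasons.append(f"wildcard in assertion value for {attr!r}")
    return reasons


def scan_log(text: str) -> list[Alert]:
    """Apply check_filter to every pam_jit_elevation event in the log."""
    alerts = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        match = LINE_RE.match(line)
        if not match:
            continue                                  # unknown format: skip
        _ts, event_type, user, ldap_filter = match.groups()
        if event_type != "pam_jit_elevation":
            continue
        for reason in check_filter(ldap_filter):
            alerts.append(Alert(line_no, user, reason))
    return alerts


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(f"line {alert.line_no} user={alert.user}: {alert.reason}")
```

Lines 3, 4 and 6 of the constructed log are flagged (wildcard, unexpected attribute plus wildcard, and unbalanced parentheses respectively); the attribute allowlist and threshold should be set from a baseline of the real audit log before alerting on them.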
