CVE-2024-6512
📋 TL;DR
This CVE describes an authorization bypass vulnerability in Devolutions Server's PAM access request approval mechanism. Authenticated users with approval permissions can approve their own access requests, circumventing intended security controls. This affects Devolutions Server 2024.2.10 and earlier versions.
💻 Affected Systems
- Devolutions Server
📦 What is this software?
Devolutions Server by Devolutions
⚠️ Risk & Real-World Impact
Worst Case
Privileged users could grant themselves unauthorized access to sensitive systems and data, potentially leading to data breaches, privilege escalation, or lateral movement within the network.
Likely Case
Users with approval permissions could bypass separation-of-duties controls to access systems they shouldn't have access to, violating security policies and compliance requirements.
If Mitigated
With proper monitoring and least privilege principles, impact would be limited to policy violations that could be detected and remediated quickly.
🎯 Exploit Status
Exploitation requires authenticated access and approval permissions. The vulnerability is in the approval workflow logic.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2024.2.11 or later
Vendor Advisory: https://devolutions.net/security/advisories/DEVO-2024-0013
Restart Required: Yes
Instructions:
1. Download Devolutions Server 2024.2.11 or later from official sources.
2. Back up the current configuration and database.
3. Run the installer/upgrade package.
4. Restart Devolutions Server services.
5. Verify functionality post-upgrade.
🔧 Temporary Workarounds
Temporary approval workflow restriction
Disable or restrict PAM access request approvals until patching can be completed
Enhanced monitoring of approval activities
Implement additional logging and alerting for self-approval attempts
🧯 If You Can't Patch
- Implement strict separation of duties: ensure no user has both request and approval permissions
- Enable detailed auditing of all PAM access request and approval activities with real-time alerts
🔍 How to Verify
Check if Vulnerable:
Check the Devolutions Server version in the administration console or via the version file. If the version is 2024.2.10 or earlier, the system is vulnerable.
Check Version:
Check the administration console or examine the server installation directory for version information.
Verify Fix Applied:
Verify the version is 2024.2.11 or later. Test the PAM approval workflow to confirm users cannot approve their own requests.
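The following is an added illustration, not Devolutions code and not a description of the vendor's actual approval implementation. It models the bug class this advisory describes (an approval check that never relates the approver to the requester) beside a hardened version that enforces requester != approver, and it implements the two checks recommended above: the separation-of-duties audit from the "If You Can't Patch" section (no principal holds both request and approve rights) and the post-upgrade test that a user cannot approve their own request. The permission names, data shapes and sample users are assumptions made for the example.

```python
from __future__ import annotations

from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set

# Hypothetical permission labels; the real Devolutions Server permission
# model is not described on this page, so these are illustrative only.
PERM_REQUEST = "pam.request"
PERM_APPROVE = "pam.approve"

Permissions = Dict[str, Set[str]]


@dataclass
class AccessRequest:
    request_id: str
    requester: str
    target: str
    status: str = "pending"
    approver: Optional[str] = None


class ApprovalError(Exception):
    """Raised when the workflow refuses an approval."""


def sod_violations(permissions: Permissions) -> List[str]:
    """Separation-of-duties audit: users holding both request and approve.

    If this list is empty, self-approval is impossible regardless of whether
    the application itself checks requester against approver.
    """
    return sorted(
        user for user, perms in permissions.items()
        if PERM_REQUEST in perms and PERM_APPROVE in perms
    )


def approve_vulnerable(req: AccessRequest, approver: str,
                       permissions: Permissions) -> AccessRequest:
    """Approval that only verifies the approver's permission.

    Nothing here relates the approver to the requester, so a user who holds
    approval rights can approve a request they filed themselves.
    """
    if PERM_APPROVE not in permissions.get(approver, set()):
        raise ApprovalError(f"{approver} lacks {PERM_APPROVE}")
    if req.status != "pending":
        raise ApprovalError(f"request {req.request_id} is already {req.status}")
    req.status, req.approver = "approved", approver
    return req


def approve_hardened(req: AccessRequest, approver: str,
                     permissions: Permissions) -> AccessRequest:
    """Same permission check plus an explicit requester != approver rule."""
    if approver == req.requester:
        raise ApprovalError(
            f"{approver} cannot approve their own request {req.request_id}")
    return approve_vulnerable(req, approver, permissions)


def self_approval_blocked(approve: Callable[..., AccessRequest],
                          permissions: Permissions) -> bool:
    """Post-upgrade verification: a requester who also holds approval rights
    must be refused when approving their own request. True when blocked."""
    req = AccessRequest("REQ-1", requester="alice", target="db01")  # constructed
    try:
        approve(req, "alice", permissions)
    except ApprovalError:
        return True
    return req.status != "approved"


# Constructed sample assignments: alice holds both rights (an SoD violation).
SAMPLE_PERMISSIONS: Permissions = {
    "alice": {PERM_REQUEST, PERM_APPROVE},
    "bob": {PERM_APPROVE},
    "carol": {PERM_REQUEST},
}

if __name__ == "__main__":
    print("SoD violations:", sod_violations(SAMPLE_PERMISSIONS))
    print("vulnerable blocks self-approval:",
          self_approval_blocked(approve_vulnerable, SAMPLE_PERMISSIONS))
    print("hardened blocks self-approval:",
          self_approval_blocked(approve_hardened, SAMPLE_PERMISSIONS))
```

The hardened variant is a defence in depth, not a replacement for the vendor patch: the SoD audit removes the precondition (one identity with both rights), while the explicit requester/approver comparison catches the case where that precondition cannot be avoided operationally.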
📡 Detection & Monitoring
Log Indicators:
- User approving their own access requests
- Multiple self-approval attempts
- Unusual approval patterns outside normal workflow
Network Indicators:
- Unusual API calls to approval endpoints
- Requests bypassing normal approval chains
SIEM Query:
source="devolutions_server" AND (event_type="approval" OR event_type="access_request") AND user_id=approver_id
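As an added example (not from the vendor or the original page), the detection logic behind the SIEM query above, run offline over a handful of constructed JSON log events. The log shape and field names (`event_type`, `request_id`, `user_id`, `approver_id`) are assumptions that mirror the query; the real Devolutions Server audit format is not documented here. Besides the direct `user_id == approver_id` match, the code correlates each approval with its original access request by `request_id`, so a self-approval is still caught if the approval event's `user_id` records the actor rather than the requester, and it counts repeated self-approvals per user to cover the "multiple self-approval attempts" indicator.

```python
import json
from collections import Counter
from typing import Dict, List

# Constructed sample events (not real Devolutions Server logs). One line is
# deliberately malformed to show that the parser skips it rather than failing.
SAMPLE_LOG = """
{"ts":"2024-07-01T09:00:01Z","event_type":"access_request","request_id":"R-1","user_id":"alice","target":"db01"}
{"ts":"2024-07-01T09:00:07Z","event_type":"approval","request_id":"R-1","user_id":"alice","approver_id":"alice"}
{"ts":"2024-07-01T09:05:00Z","event_type":"access_request","request_id":"R-2","user_id":"carol","target":"web02"}
{"ts":"2024-07-01T09:06:30Z","event_type":"approval","request_id":"R-2","user_id":"carol","approver_id":"bob"}
{"ts":"2024-07-01T10:14:00Z","event_type":"access_request","request_id":"R-3","user_id":"alice","target":"dc01"}
{"ts":"2024-07-01T10:15:00Z","event_type":"approval","request_id":"R-3","user_id":"alice","approver_id":"alice"}
not valid json at all
{"ts":"2024-07-01T10:20:00Z","event_type":"logon","user_id":"dave"}
"""


def parse_events(text: str) -> List[dict]:
    """Parse one JSON object per line; skip blank and malformed lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # in production, count these for log-integrity alerting
    return events


def find_self_approvals(events: List[dict]) -> List[dict]:
    """Return approval events where the approver is the request's owner.

    Equivalent to the SIEM query's user_id=approver_id match, plus a join to
    the matching access_request so the requester is taken from the original
    request when the approval event records someone else in user_id.
    """
    requesters: Dict[str, str] = {
        e["request_id"]: e["user_id"]
        for e in events
        if e.get("event_type") == "access_request" and "request_id" in e
    }
    findings = []
    for e in events:
        if e.get("event_type") != "approval" or "approver_id" not in e:
            continue
        approver = e["approver_id"]
        requester = requesters.get(e.get("request_id"), e.get("user_id"))
        if approver == e.get("user_id") or approver == requester:
            findings.append({
                "ts": e.get("ts"),
                "request_id": e.get("request_id"),
                "approver": approver,
                "requester": requester,
            })
    return findings


def repeat_offenders(findings: List[dict], threshold: int = 2) -> Dict[str, int]:
    """Users with at least `threshold` self-approvals (the 'multiple attempts' indicator)."""
    counts = Counter(f["approver"] for f in findings)
    return {user: n for user, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    hits = find_self_approvals(parse_events(SAMPLE_LOG))
    for h in hits:
        print(f"SELF-APPROVAL {h['ts']} request={h['request_id']} user={h['approver']}")
    print("repeat offenders:", repeat_offenders(hits))
```

Alert on every finding rather than only on repeat offenders: after the patch, a single match indicates either a remaining unpatched node or a logging error, both worth a ticket.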