
CVE-2024-11621: Missing certificate validation in Devolutions Remote Desktop Manager on macOS, iOS, Android, Linux allows an attacker to intercept and modify...

8.8 CVSS

Description

Missing certificate validation in Devolutions Remote Desktop Manager on macOS, iOS, Android, Linux allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack.

Affected versions:
Remote Desktop Manager macOS 2024.3.9.0 and earlier
Remote Desktop Manager Linux 2024.3.2.5 and earlier
Remote Desktop Manager Android 2024.3.3.7 and earlier
Remote Desktop Manager iOS 2024.3.3.0 and earlier
Remote Desktop Manager PowerShell 2024.3.6.0 and earlier

Classification

CVE ID: CVE-2024-11621

CVSS Base Severity: HIGH

CVSS Base Score: 8.8

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

Vendor: Devolutions

Product: Remote Desktop Manager

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.88% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-03-11 (date this score was calculated)

References

https://devolutions.net/security/advisories/DEVO-2025-0001/
