CVE-2023-5240
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2023-5240 is a newly identified vulnerability affecting Devolutions Server 2023.2.8.0 and earlier versions. This issue stems from insufficient access controls in Password Management Assistant (PAM) propagation scripts. A malicious user with permission to manage these scripts can exploit the weakness and retrieve passwords stored within the system via a simple GET request. This vulnerability poses a significant risk, as unauthorized access to passwords can lead to further security breaches and data theft. It is crucial for Devolutions Server users to upgrade to a patched version immediately to mitigate this threat.
Affected Products
- Devolutions Server
Affected Vendors
- Devolutions