CVERadar

CVE-2024-11621

Critical Severity
SVRS: 77/100
CVSSv3: 8.8/10
EPSS: 0.00027/1

CVE-2024-11621: A critical security vulnerability exists in Devolutions Remote Desktop Manager. The flaw involves missing certificate validation, potentially enabling attackers to perform man-in-the-middle (MITM) attacks. This MITM attack could allow the interception and modification of encrypted communications. The vulnerability affects Remote Desktop Manager across multiple platforms including macOS, iOS, Android, and Linux. This includes the Remote Desktop Manager PowerShell version. SOCRadar's SVRS score of 77 indicates a high level of risk, although not critical, demanding a close review of your security posture. Applying the latest security patches is crucial to mitigate this threat and prevent unauthorized access to sensitive data.

In The Wild
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2025-02-10

2025-03-28

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

Remote Desktop Manager Vulnerabilities Let Attackers Intercept Encrypted Communications
Guru Baran, 2025-02-12
Devolutions have disclosed critical vulnerabilities in its Remote Desktop Manager (RDM) software, which could allow attackers to intercept and modify encrypted communications through man-in-the-middle (MITM) attacks. These flaws stem from improper certificate validation across all platforms and have been assigned high-severity CVE identifiers. CVE-2025-1193 Improper Host Validation CVE-2025-1193 has been assigned to this vulnerability, with […] The post Remote Desktop Manager Vulnerabilities Let Attackers Intercept Encrypted Communications
cybersecuritynews.com
CVE-2024-11621 | Devolutions Remote Desktop Manager certificate validation (DEVO-2025-0001)
vuldb.com, 2025-02-10
A vulnerability classified as problematic was found in Devolutions Remote Desktop Manager up to 2024.3.2.5/2024.3.3.0/2024.3.3.7/2024.3.6.0/2024.3.9.0. This vulnerability affects unknown code. The manipulation leads to improper certificate validation. This vulnerability was named CVE-2024-11621. The attack can be initiated remotely. There is no exploit available.

Social Media

Warning: High severity vulnerabilities in #Devolutions Remote Desktop Manager affecting multiple platforms. #CVE-2025-1193 & #CVE-2024-11621, CVSS 8.1 & 8.8. These improper certificate validations enable #MitM attacks! #Patch #Patch #Patch More info: https://t.co/Dl820KfKyC
CVE-2024-11621 Missing certificate validation in Devolutions Remote Desktop Manager on macOS, iOS, Android, Linux allows an attacker to intercept and modify encrypted communications… https://t.co/WfQBBOX8Br

Affected Software

No affected software found for this CVE

References

Reference | Link
[email protected] | https://devolutions.net/security/advisories/DEVO-2025-0001/
[email protected] | https://devolutions.net/security/advisories/DEVO-2025-0001/
GITHUB | https://devolutions.net/security/advisories/DEVO-2025-0001/

CWE Details

CWE ID | CWE Name | Description
CWE-295 | Improper Certificate Validation | The software does not validate, or incorrectly validates, a certificate.
