Detections
Analytics
Devolutions Remote Desktop < 2024.3.20.0 Improper Certificate Validation (DEVO-2025-0001)
high Nessus Plugin ID 216584
Language:
Synopsis
The Devolutions Remote Desktop Manager instance installed on the remote host is affected by an improper certificate validation vulnerability.Description
The version of Devolutions Remote Desktop Manager installed on the remote host is prior to 2024.3.20.0 and is, therefore, affected by an improper certificate validation vulnerability:- Improper host validation in the certificate validation component in Devolutions Remote Desktop Manager on 2024.3.19 and earlier on Windows allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack by presenting a certificate for a different host. (CVE-2025-1193)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Devolutions Remote Desktop Manager version 2024.3.20.0 or later.See Also
Plugin Details
Severity: High
ID: 216584
File Name: devolutions_desktop_manager_DEVO-2025-0001.nasl
Version: 1.3
Type: local
Agent: windows
Family: Windows
Published: 2/21/2025
Updated: 3/20/2025
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.2
CVSS v2
Risk Factor: High
Base Score: 8.8
Temporal Score: 6.5
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:N
CVSS Score Source: CVE-2025-1193
CVSS v3
Risk Factor: High
Base Score: 8.1
Temporal Score: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: x-cpe:/a:devolutions:remote_desktop_manager
Required KB Items: SMB/Registry/Enumerated, installed_sw/Devolutions Remote Desktop Manager
Exploit Ease: No known exploits are available
Patch Publication Date: 2/10/2025
Vulnerability Publication Date: 2/10/2025
Reference Information
CVE: CVE-2025-1193
IAVB: 2025-B-0026-S