Devolutions reports critical flaw in Remote Desktop Manager
Take action: If you are using Devolutions Remote Desktop Manager, update your RDM to the newest release ASAP. In the meantime, lock down the accessibility of RDM only from trusted IP addresses/networks.
A severe security flaw has been identified in Remote Desktop Manager (RDM), widely utilized software for managing remote desktop connections.
Remote Desktop Manager (RDM) Developed by Devolutions is a software application designed to manage all of your remote connections and virtual machines conveniently from a single interface. RDM is often used by IT departments to manage remote connections for support and administrative purposes, facilitating access to a variety of remote connection types such as RDP (Remote Desktop Protocol), SSH (Secure Shell), and many others, in a secure and organized manner.
This flaw, tracked as CVE-2023-5765 (CVSS3 score 9.1) stems from improper processing of TCP packets by RDM. If exploited, a hacker could send a malformed TCP packet to the target system, leading to arbitrary code execution by RDM. Such actions could result in the hacker gaining control of the system, introducing malware, or accessing sensitive data.
All RDM versions prior to 2023.2.34 are susceptible to this security flaw. Devolutions has made available an update that rectifies the issue. Users are strongly advised to upgrade to the most recent RDM version as soon as possible.
|Critical Splunk Enterprise Vulnerability reported, PoC already available
|Privilege escalation vulnerability in Windows Kubernetes endpoints
|BIND 9 DNS server fixes two serious vulnerabilities
|Data centre PDU Dataprobe iBoot fixes Vulnerabilities including …
|Vulnerabilities in ScrutisWeb, including critical, expose remote ATMs …