CRITICAL🇵🇱 Wersja polska

CVE-2023-6593

CVSS 9.8v3.1pub. 2023-12-12upd. 2024-11-21

Client side permission bypass in Devolutions Remote Desktop Manager 2023.3.4.0 and earlier on iOS allows an attacker that has access to the application to execute entries in a SQL data source without restriction.

🤖 AI Analysis
How it works

The permission control mechanism is implemented exclusively on the client side, which means it can be bypassed without modifying the server. An attacker with access to the application on an iOS device can circumvent the imposed restrictions and perform entries in the SQL data source to which they should not normally have access. The vulnerability is classified as CWE-732, which is improper assignment of permissions to critical resources.

Impact

An attacker can perform arbitrary entries in the SQL data source without restrictions, leading to potential unauthorized access to data, its modification, or breach of confidentiality and integrity of stored remote connections.

Mitigation & patch

Devolutions Remote Desktop Manager should be updated to a version higher than 2023.3.4.0. Detailed information about available patches can be found in the official manufacturer's bulletin: https://devolutions.net/security/advisories/DEVO-2023-0023/

Who is affected

Devolutions Remote Desktop Manager version 2023.3.4.0 and earlier on iOS platform (Apple iPhone OS).

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Apple iOS

    OS
    Apple
    wszystkie wersje
  • Devolutions Remote Desktop Manager

    APP
    Devolutions
    < 2023.3.5.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-43300CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Apple iOS/iPadOS/macOS — out-of-bounds write przy przetwarzaniu obrazu

CVE-2025-31200CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Apple — memory corruption (RCE) w przetwarzaniu strumieni audio

CVE-2025-31201CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Apple: Obejście Pointer Authentication w iOS, macOS i innych platformach

CVE-2025-24201CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Apple WebKit: out-of-bounds write umożliwiający ucieczkę z sandbox przeglądarki

CVE-2025-24085CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Use-after-free w Apple iOS/iPadOS/macOS — privilege escalation przez aplikację