CVE-2023-2257
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Authentication Bypass in Hub Business integration in Devolutions Workspace Desktop 2023.1.1.3 and earlier on Windows and macOS allows an attacker with access to the user interface to unlock a Hub
Business space without being prompted to enter the password via an
unimplemented "Force Login" security feature.
This vulnerability occurs only if "Force Login" feature is enabled on the Hub Business instance and that an attacker has access to a locked Workspace desktop application configured with a Hub Business space.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-04-24 CVE Reserved
- 2023-04-24 CVE Published
- 2024-08-02 CVE Updated
- 2024-11-14 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-863: Incorrect Authorization
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://devolutions.net/security/advisories/DEVO-2023-0011 | 2023-05-04 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Devolutions Search vendor "Devolutions" | Workspace Search vendor "Devolutions" for product "Workspace" | < 2023.1.1.4 Search vendor "Devolutions" for product "Workspace" and version " < 2023.1.1.4" | desktop |
Affected
| in | Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | - | - |
Safe
|
| Devolutions Search vendor "Devolutions" | Workspace Search vendor "Devolutions" for product "Workspace" | < 2023.1.1.4 Search vendor "Devolutions" for product "Workspace" and version " < 2023.1.1.4" | desktop |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|