CVE-2024-0589 in Remote Desktop Managerinfo

Summary

by MITRE • 01/31/2024

Cross-site scripting (XSS) vulnerability in the entry overview tab in Devolutions Remote Desktop Manager 2023.3.36 and earlier on Windows allows an attacker with access to a data source to inject a malicious script via a specially crafted input in an entry.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 06/09/2025

This cross-site scripting vulnerability exists within Devolutions Remote Desktop Manager version 2023.3.36 and earlier on Windows platforms, specifically affecting the entry overview tab functionality. The flaw represents a classic client-side injection vulnerability that enables malicious script execution in the context of a victim's browser session. The vulnerability stems from insufficient input validation and output encoding mechanisms within the application's web interface components that handle entry data display. Attackers can exploit this weakness by crafting specially formatted input data that gets rendered in the entry overview tab without proper sanitization, allowing malicious scripts to execute when other users view the compromised entries.

The technical exploitation of this vulnerability follows established XSS patterns where malicious payloads are injected into application inputs that are subsequently displayed to other users. The attack vector specifically targets the data source access privilege level, requiring an attacker to already have legitimate access to the remote desktop manager's data repository. This makes the vulnerability particularly dangerous in environments where multiple users share the same data source, as a single compromised entry can affect the entire user base. The vulnerability is classified under CWE-79 which specifically addresses cross-site scripting flaws in web applications, and aligns with ATT&CK technique T1566.001 for initial access through spearphishing attachments or links.

The operational impact of this vulnerability extends beyond simple script execution, as it can enable attackers to steal session cookies, perform unauthorized actions on behalf of users, redirect victims to malicious sites, or extract sensitive information from the application's data store. In the context of remote desktop management tools, this could lead to complete compromise of the remote access infrastructure, potentially allowing attackers to escalate privileges and gain access to systems managed through the compromised remote desktop manager. The vulnerability affects the application's integrity and confidentiality by enabling unauthorized code execution in legitimate user sessions, undermining the trust model of the application.

Mitigation strategies should focus on implementing robust input validation and output encoding mechanisms throughout the application's data handling pipeline. Organizations should immediately update to Devolutions Remote Desktop Manager version 2023.3.37 or later, which contains the necessary patches for this vulnerability. Additionally, administrators should implement proper access controls to limit data source access privileges, regularly audit entry data for suspicious content, and deploy web application firewalls to detect and block malicious script injections. The remediation process should also include user education about the risks of accessing untrusted entries and implementing content security policies that restrict script execution within the application's interface. Regular security assessments and penetration testing should be conducted to identify similar vulnerabilities in other components of the remote desktop management infrastructure, ensuring comprehensive protection against similar attack vectors.

Reservation

01/16/2024

Disclosure

01/31/2024

Moderation

accepted

CPE

ready

EPSS

0.00295

KEV

no

Activities

very low

Sources

Do you know our Splunk app?

Download it now for free!