CVE-2021-36382

LOW

Devolutions Server <2021.1.18-2020.3.20 - Man In The Middle

Title source: llm

Description

Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept private keys via a man-in-the-middle attack against the connections/partial endpoint (which accepts cleartext).

References (1)

[Vendor Advisory] https://devolutions.net/security/advisories/DEVO-2021-0005

Scores

CVSS v3 2.6

EPSS 0.0013

EPSS Percentile 32.5%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

Classification

CWE

CWE-319 CWE-522

Status published

Affected Products (2)

devolutions/devolutions_server < 2020.3.20

devolutions/devolutions_server < 2021.1.18

Timeline

Published Jul 12, 2021

Tracked Since Feb 18, 2026