CVE-2021-36382
LOWDevolutions Server <2021.1.18-2020.3.20 - Man In The Middle
Title source: llmDescription
Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept private keys via a man-in-the-middle attack against the connections/partial endpoint (which accepts cleartext).
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://devolutions.net/security/advisories/DEVO-2021-0005
Scores
CVSS v3
2.6
EPSS
0.0048
EPSS Percentile
37.4%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
Details
CWE
CWE-319
CWE-522
Status
published
Products (2)
devolutions/devolutions_server
< 2020.3.20
devolutions/devolutions_server
< 2021.1.18
Published
Jul 12, 2021
Tracked Since
Feb 18, 2026