CVE-2022-3182

HIGH

Devolutions Remote Desktop Manager < 2022.2.15 - Improper Access Control via Duo SMS Two-Factor Bypass

Title source: llm
STIX 2.1

Description

Improper Access Control vulnerability in the Duo SMS two-factor of Devolutions Remote Desktop Manager 2022.2.14 and earlier allows attackers to bypass the application lock. This issue affects: Devolutions Remote Desktop Manager version 2022.2.14 and prior versions.

References (1)

Core 1
Core References

Scores

CVSS v3 7.0
EPSS 0.0015
EPSS Percentile 4.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-284
Status published
Products (1)
devolutions/remote_desktop_manager < 2022.2.15
Published Sep 13, 2022
Tracked Since Feb 18, 2026