Cyber Resilience

CVE-2024-11621

High

Published: 10 February 2025

Modified: 28 March 2025
KEV Added
Patch
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0016 (36.1th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-11621 is a high-severity Improper Certificate Validation (CWE-295) vulnerability in Devolutions Remote Desktop Manager. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Adversary-in-the-Middle (T1557). The CVE ranks at the 36.1th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-17 (Public Key Infrastructure Certificates) and SC-8 (Transmission Confidentiality and Integrity).

Deeper analysis

CVE-2024-11621 is a missing certificate validation vulnerability (CWE-295) in Devolutions Remote Desktop Manager, affecting the macOS version 2024.3.9.0 and earlier, Linux version 2024.3.2.5 and earlier, Android version 2024.3.3.7 and earlier, iOS version 2024.3.3.0 and earlier, and PowerShell version 2024.3.6.0 and earlier. Published on 2025-02-10, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). Because the client does not properly check certificates, an attacker can intercept and modify encrypted communications through a man-in-the-middle attack.

A remote, unauthenticated attacker can exploit this vulnerability by positioning themselves between the victim and the target server, such as through a malicious network or by tricking the user into connecting via a controlled proxy. User interaction is required, typically for the victim to initiate or accept a connection in the affected Remote Desktop Manager client. Successful exploitation allows the attacker to read sensitive data in transit and alter communications, resulting in high impacts to confidentiality, integrity, and availability.

Devolutions has published security advisory DEVO-2025-0001 at https://devolutions.net/security/advisories/DEVO-2025-0001/, which provides details on mitigation and patching instructions for affected versions.

Vulnerability details

Missing certificate validation in Devolutions Remote Desktop Manager on macOS, iOS, Android, Linux allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack. Versions affected are:

Remote Desktop Manager macOS 2024.3.9.0 and earlier
Remote Desktop Manager Linux 2024.3.2.5 and earlier
Remote Desktop Manager Android 2024.3.3.7 and earlier
Remote Desktop Manager iOS 2024.3.3.0 and earlier
Remote Desktop Manager PowerShell 2024.3.6.0 and earlier

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1557 Adversary-in-the-Middle Credential Access
Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as [Network Sniffing](https://attack.
Why these techniques?

Missing certificate validation directly enables adversary-in-the-middle attacks on client connections by allowing interception/modification of traffic.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-1193 · Same product: Devolutions Remote Desktop Manager
CVE-2026-4396 · Same vendor: Devolutions
CVE-2026-4434 · Same vendor: Devolutions
CVE-2026-2590 · Same product: Devolutions Remote Desktop Manager
CVE-2024-31854 · Shared CWE-295
CVE-2024-47258 · Shared CWE-295
CVE-2026-32627 · Shared CWE-295
CVE-2024-55581 · Shared CWE-295
CVE-2025-11043 · Shared CWE-295
CVE-2024-50691 · Shared CWE-295

Affected Assets

devolutions / remote desktop manager: ≤ 2024.3.2.9 · ≤ 2024.3.4.0 · ≤ 2024.3.4.2
devolutions / remote desktop manager powershell: ≤ 2024.3.7

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires systems to validate PKI certificates by constructing certification paths to trust anchors, preventing man-in-the-middle attacks due to missing certificate validation.

prevent

Mandates timely identification, reporting, and patching of system flaws like this CVE, directly mitigating the missing certificate validation vulnerability via vendor-provided updates.

prevent

Ensures confidentiality and integrity of transmitted information using cryptographic protections that require proper certificate validation to block interception and modification in remote desktop communications.
