CVE-2023-1202
Published 2023-04-02
CVE-2023-1202: Permission bypass when importing or synchronizing entries in User vault in Devolutions Remote Desktop Manager 2023.1.9 and prior versions allows users with…
Priority: P3 35 | Severity: medium | CVSS 3.1: 6.5
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS: 0.44% (35.1th percentile)
Permission bypass when importing or synchronizing entries in User vault in Devolutions Remote Desktop Manager 2023.1.9 and prior versions allows users with restricted rights to bypass entry permission via id collision.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| devolutions | remote_desktop_manager | < 2023.1.10 | 2023.1.10 |
| devolutions | remote_desktop_manager | <= 2023.1.9 | — |
| juniper | junos_os | — | — |
GHSA
GHSA-cwg2-4rcv-xcc4: Permission bypass when importing or synchronizing entries in User vault in Devolutions Remote Desktop Manager 2023
ghsa_unreviewed·2023-04-02
CVE-2023-1202 [MEDIUM] CWE-863 GHSA-cwg2-4rcv-xcc4: Permission bypass when importing or synchronizing entries in User vault in Devolutions Remote Desktop Manager 2023
Permission bypass when importing or synchronizing entries in User vault in Devolutions Remote Desktop Manager 2023.1.9 and prior versions allows users with restricted rights to bypass entry permission via id collision.
Juniper
CVE-2023-36833: A Use After Free vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS Evolved on PTX10001-36MR, and PTX10004, PTX10008, PT
vendor_juniper·2023-07-14·CVSS 6.5
CVE-2023-36833 [MEDIUM] CWE-416 CVE-2023-36833: A Use After Free vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS Evolved on PTX10001-36MR, and PTX10004, PTX10008, PT
CVE-2023-36833: A Use After Free vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS Evolved on PTX10001-36MR, and PTX10004, PTX10008, PTX10016 with LC1201/1202 allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS).
The process 'aftman-bt' will crash after multiple flaps on a multicast-only fast reroute (MoFRR) enabled interface. This will cause the respective FPC to stop forwarding traffic and it needs to be rebooted to restore the service.
An indication that the system experienced this issue is the following log message:
evo-aftmand-bt[]: [Error] jexpr_fdb: sanity check failed, ... , app_name L3 Mcast Routes
This issue affects Juniper Networks Junos OS Evolved on PTX10001-36MR, PTX10004, PTX10008, PTX10016 with LC1201/1202:
21.2
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-04-02: Published