NVD-CVE-2024-11621

CVE-2024-11621 is a vulnerability identified in Devolutions Remote Desktop Manager, which affects multiple operating systems including macOS, iOS, Android, and Linux. The primary concern with this vulnerability is the lack of proper certificate validation, which could allow an attacker to perform a man-in-the-middle (MitM) attack. Such an attack enables the adversary to intercept and potentially alter encrypted communications between users and the remote desktop service.

The affected versions are Remote Desktop Manager macOS version 2024.3.9.0 and earlier, Linux version 2024.3.2.5 and earlier, Android version 2024.3.3.7 and earlier, iOS version 2024.3.3.0 and earlier, and PowerShell version 2024.3.6.0 and earlier. The absence of robust certificate validation means that the software may accept fraudulent or invalid certificates, exposing it to serious security risks.
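For triaging an asset inventory against the version ceilings listed above, here is an added example (not code from NVD or Devolutions). The ceilings are copied from this page; the host names and installed versions are constructed, and the function names are hypothetical.

```python
# Added example: inventory triage against the affected-version ceilings on this page.
# Ceilings come from the page; hosts and installed versions below are constructed.
AFFECTED_MAX = {
    "macos": "2024.3.9.0",
    "linux": "2024.3.2.5",
    "android": "2024.3.3.7",
    "ios": "2024.3.3.0",
    "powershell": "2024.3.6.0",
}

def parse_version(text):
    """Turn '2024.3.9.0' into (2024, 3, 9, 0); raise ValueError on anything else."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a four-part numeric version: {text!r}")
    return tuple(int(p) for p in parts)

def classify(platform, installed):
    """Return 'affected', 'not-affected', or 'unknown' for one install."""
    ceiling = AFFECTED_MAX.get(platform.strip().lower())
    if ceiling is None:
        return "unknown"  # platform not listed on this page
    try:
        version = parse_version(installed)
    except ValueError:
        return "unknown"  # unparseable: route to manual review, never assume safe
    # Numeric tuple comparison, so 2024.3.10.0 sorts above 2024.3.9.0
    # (a plain string comparison would get this wrong).
    return "affected" if version <= parse_version(ceiling) else "not-affected"

def triage(inventory):
    """Map each (host, platform, version) record to its classification."""
    return {host: classify(platform, version) for host, platform, version in inventory}

# Constructed sample inventory
SAMPLE_INVENTORY = [
    ("mac-014", "macOS", "2024.3.9.0"),
    ("mac-022", "macOS", "2024.3.10.0"),
    ("lnx-003", "Linux", "2024.3.2.5"),
    ("and-101", "Android", "2024.2.8.1"),
    ("win-007", "Windows", "2024.3.20.0"),
    ("ios-055", "iOS", "2024.3.x"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Installs classified as "unknown" need manual review against the vendor advisory rather than being treated as unaffected.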

The vulnerability has been cataloged in the National Vulnerability Database (NVD) but has not yet undergone a detailed analysis. Its classification as a CVE indicates a consensus among cybersecurity experts regarding its potential impact and exploitability. The severity and impact metrics can be identified through various versions of the Common Vulnerability Scoring System (CVSS), although no specific scores are given here.

In terms of associated weaknesses, this vulnerability is linked to Common Weakness Enumeration (CWE) identifier CWE-295, which pertains to improper certificate validation. This categorization highlights specific flaws in the implementation of security protocols that are typically designed to protect the integrity of communications.

NVD provides notices related to specific advisories, solutions, and associated tools for dealing with such vulnerabilities. However, NVD warns that these links lead to external sites, and that the opinions expressed on those sites may not reflect NIST’s views or endorsements. Users are encouraged to communicate any feedback regarding these vulnerabilities directly to NVD.

The change history for CVE-2024-11621 includes two significant updates from CISA-ADP, each adding new information to the CVE record. The first update, on February 10, 2025, introduced the CVSS v3.1 score, characterized by several factors related to access complexity, authentication requirements, confidentiality, integrity, and availability. Another modification on the same day confirmed the description of the vulnerability as well as its relation to certificate validation issues.

The publication date for this vulnerability in NVD is also noted as October 2, 2025, which emphasizes the ongoing relevance and urgency of addressing potential exploits associated with the identified flaw.

As organizations and users utilize remote desktop services more extensively in a hybrid work environment, ensuring the security of these applications is paramount. The existence of vulnerabilities like CVE-2024-11621 underscores the importance of maintaining rigorous security protocols including proper certificate handling. It’s advised that users of the affected software versions upgrade to the latest versions that include fixes for this vulnerability to protect against potential exploitation.

Devolutions Inc. is the developer mentioned in conjunction with this vulnerability, and users are encouraged to refer to their official advisory pages for detailed information regarding responses and mitigation strategies for this critical security concern. More details can be found in advisories available on their website, specifically under advisory number DEVO-2025-0001.

In conclusion, CVE-2024-11621 represents a significant risk to the integrity of communications managed by Devolutions Remote Desktop Manager due to improper handling of certificate validation. It’s essential for users to remain informed of any updates or patches provided by Devolutions to safeguard their communications against potential attacks.
