CVE-2023-30367
CVE-2023-30367 is a high-severity vulnerability in Mremoteng with a CVSS 3.x base score of 7.5. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-312.
Key facts
- Severity: High (CVSS 3.x base score 7.5)
- EPSS exploit prediction: 0% (35th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-312
- Affected product: Mremoteng
- Published:
- Last modified:
Description
Multi-Remote Next Generation Connection Manager (mRemoteNG) is free software that enables users to store and manage multi-protocol connection configurations to remotely connect to systems. mRemoteNG configuration files can be stored in an encrypted state on disk. mRemoteNG version <= v1.76.20 and <= 1.77.3-dev loads configuration files in plain text into memory (after decrypting them if necessary) at application start-up, even if no connection has been established yet. This allows attackers to access contents of configuration files in plain text through a memory dump and thus compromise user credentials when no custom password encryption key has been set. This also bypasses the connection configuration file encryption setting by dumping already decrypted configurations from memory.
Frequently asked questions
- What is CVE-2023-30367?
- Multi-Remote Next Generation Connection Manager (mRemoteNG) is free software that enables users to store and manage multi-protocol connection configurations to remotely connect to systems. mRemoteNG configuration files can be stored in an encrypted state on disk. mRemoteNG version <= v1.76.20 and <= 1.77.3-dev loads configuration files in plain text into memory (after decrypting them if necessary) at application start-up, even if no connection has been established yet. This allows attackers to access contents of configuration files in plain text through a memory dump and thus compromise user credentials when no custom password encryption key has been set. This also bypasses the connection configuration file encryption setting by dumping already decrypted configurations from memory.
- How severe is CVE-2023-30367?
- CVE-2023-30367 has a CVSS 3.x base score of 7.5, rated high severity. It is exploitable over network with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is high, integrity none, and availability none.
- Is CVE-2023-30367 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (35th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2023-30367?
- CVE-2023-30367 primarily affects Mremoteng. In total, 3 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2023-30367?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- When was CVE-2023-30367 published?
- CVE-2023-30367 was published on 2023-07-26 and last updated on 2026-06-17.
References
- http://packetstormsecurity.com/files/173829/mRemoteNG-1.77.3.1784-NB-Sensitive-Information-Extraction.html
- https://github.com/S1lkys/CVE-2023-30367-mRemoteNG-password-dumper
- https://github.com/mRemoteNG/mRemoteNG/issues/2420
- https://www.secuvera.de/advisories/secuvera-SA-2023-01.txt
Affected products (3)
- cpe:2.3:a:mremoteng:mremoteng:*:*:*:*:*:*:*:*
- cpe:2.3:a:mremoteng:mremoteng:1.77.2-nb:*:*:*:*:*:*:*
- cpe:2.3:a:mremoteng:mremoteng:1.77.3-nb:*:*:*:*:*:*:*
More vulnerabilities in Mremoteng
- CVE-2020-24307 — High (CVSS 7.8): An issue in mRemoteNG v1.76.20 allows attackers to escalate privileges via a crafted executable file. NOTE: third…
All CVEs affecting Mremoteng →
Other CWE-312 (Cleartext Storage of Sensitive Information) vulnerabilities
- CVE-2022-43757 — Critical (CVSS 9.9): A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows users on managed clusters to gain…
- CVE-2021-36782 — Critical (CVSS 9.9): A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster…
- CVE-2020-9045 — Critical (CVSS 9.9): During installation or upgrade to Software House C•CURE 9000 v2.70 and American Dynamics victor Video Management…
- CVE-2026-31848 — Critical (CVSS 9.8): Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 uses the ecos_pw cookie for authentication, which…
- CVE-2025-65826 — Critical (CVSS 9.8): The mobile application was found to contain stored credentials for the network it was developed on. If an attacker…
- CVE-2025-34206 — Critical (CVSS 9.8): Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments) mount host…
Browse all CWE-312 (Cleartext Storage of Sensitive Information) vulnerabilities →