CVE-2024-3545

2024-04-0919:15:41

[email protected]

web.nvd.nist.gov

improper permission handling

vault offline cache

sensitive information access

devolutions remote desktop manager

windows

devolutions server

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

8.8%

JSON

Improper permission handling in the vault offline cache feature in Devolutions Remote Desktop Manager 2024.1.20 and earlier on windows and Devolutions Server 2024.1.8 and earlier allows an attacker to access sensitive informations contained in the offline cache file by gaining access to a computer where the software is installed even though the offline mode is disabled.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Server",
    "vendor": "Devolutions",
    "versions": [
      {
        "lessThanOrEqual": "2024.1.8.0",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "Remote Desktop Manager",
    "vendor": "Devolutions",
    "versions": [
      {
        "lessThanOrEqual": "2024.1.20.0",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

devolutions.net/security/advisories/DEVO-2024-0006