CVE-2024-3545

MEDIUM

Drevolutions Remote Desktop Manager <2024.1.20 - Info Disclosure

Title source: llm

Description

Improper permission handling in the vault offline cache feature in Devolutions Remote Desktop Manager 2024.1.20 and earlier on windows and Devolutions Server 2024.1.8 and earlier allows an attacker to access sensitive informations contained in the offline cache file by gaining access to a computer where the software is installed even though the offline mode is disabled.

References (1)

[Vendor Advisory] https://devolutions.net/security/advisories/DEVO-2024-0006

Scores

CVSS v3 4.3

EPSS 0.0012

EPSS Percentile 30.3%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-281

Status published

Products (2)

devolutions/devolutions_server < 2024.1.9.0

devolutions/remote_desktop_manager < 2024.1.21.0 (2 CPE variants)

Published Apr 09, 2024

Tracked Since Feb 18, 2026