CVE-2024-6492

HIGH

Drevolutions Remote Desktop Manager <2024.2.14.0 - Info Disclosure

Title source: llm

Description

Exposure of Sensitive Information in edge browser session proxy feature in Devolutions Remote Desktop Manager 2024.2.14.0 and earlier on Windows allows an attacker to intercept proxy credentials via a specially crafted website.

References (1)

[Vendor Advisory] https://devolutions.net/security/advisories/DEVO-2024-0012

Scores

CVSS v3 7.4

EPSS 0.0055

EPSS Percentile 67.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Classification

CWE

CWE-522

Status published

Affected Products (2)

devolutions/remote_desktop_manager < 2024.2.15.0

Timeline

Published Jul 16, 2024

Tracked Since Feb 18, 2026