CVE-2024-7421

MEDIUM

Devolutions Remote Desktop Manager - Log Information Exposure

Title source: rule

Description

An information exposure in Devolutions Remote Desktop Manager 2024.2.20.0 and earlier on Windows allows local attackers with access to system logs to obtain session credentials via passwords included in command-line arguments when launching WinSCP sessions

References (1)

[Vendor Advisory] https://devolutions.net/security/advisories/DEVO-2024-0014

Scores

CVSS v3 5.5

EPSS 0.0013

EPSS Percentile 32.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-532

Status published

Products (1)

devolutions/remote_desktop_manager < 2024.3.10

Published Sep 25, 2024

Tracked Since Feb 18, 2026