PT-2024-26506 · Devolutions · Devolutions Remote Desktop Manager, Devolutions Server
Published: 2024-04-09 · Updated: 2025-03-28
CVE-2024-3545
CVSS v3.1: 4.3 (Medium)
Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
Devolutions Remote Desktop Manager versions 2024.1.20 and earlier
Devolutions Server versions 2024.1.8 and earlier
Description
Improper permission handling in the vault offline cache feature allows an attacker who gains access to a computer where the software is installed to read sensitive information contained in the offline cache file, even if offline mode is disabled.
Recommendations
For Devolutions Remote Desktop Manager versions 2024.1.20 and earlier, update to a version later than 2024.1.20 to resolve the issue.
For Devolutions Server versions 2024.1.8 and earlier, update to a version later than 2024.1.8 to resolve the issue.
As a temporary workaround, consider restricting access to the offline cache file to minimize the risk of exploitation.
Fix
Weakness Enumeration
Improper Preservation of Permissions
Related Identifiers
Affected Products
Devolutions Remote Desktop Manager
Devolutions Server