CVE-2024-7421

An information exposure in Devolutions Remote Desktop Manager 2024.2.20.0 and earlier on Windows allows local attackers with access to system logs to obtain session credentials via passwords included in command-line arguments when launching WinSCP sessions
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:*:*:*:*

History

01 Oct 2024, 18:36

Type Values Removed Values Added
First Time Devolutions
Devolutions remote Desktop Manager
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.5
CPE cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:*:*:*:*
References () https://devolutions.net/security/advisories/DEVO-2024-0014 - () https://devolutions.net/security/advisories/DEVO-2024-0014 - Vendor Advisory

26 Sep 2024, 13:32

Type Values Removed Values Added
Summary
  • (es) Una exposición de información en Devolutions Remote Desktop Manager 2024.2.20.0 y versiones anteriores en Windows permite a atacantes locales con acceso a registros del sistema obtener credenciales de sesión a través de contraseñas incluidas en argumentos de línea de comandos al iniciar sesiones de WinSCP.

25 Sep 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-25 16:15

Updated : 2024-10-01 18:36


NVD link : CVE-2024-7421

Mitre link : CVE-2024-7421

CVE.ORG link : CVE-2024-7421


JSON object : View

Products Affected

devolutions

  • remote_desktop_manager
CWE
CWE-532

Insertion of Sensitive Information into Log File