CVE-2024-3545

Improper permission handling in the vault offline cache feature in Devolutions Remote Desktop Manager 2024.1.20 and earlier on windows and Devolutions Server 2024.1.8 and earlier allows an attacker to access sensitive informations contained in the offline cache file by gaining access to a computer where the software is installed even though the offline mode is disabled.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.9 / Impact : 3.4

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://devolutions.net/security/advisories/DEVO-2024-0006	Vendor Advisory
https://devolutions.net/security/advisories/DEVO-2024-0006	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:devolutions:devolutions_server::::::::
	cpe:2.3:a:devolutions:remote_desktop_manager:::::free:windows::
	cpe:2.3:a:devolutions:remote_desktop_manager:::::team:windows::

History

28 Mar 2025, 16:20

Type	Values Removed	Values Added
First Time		Devolutions devolutions Server Devolutions remote Desktop Manager Devolutions
CPE		cpe:2.3:a:devolutions:remote_desktop_manager:::::free:windows:: cpe:2.3:a:devolutions:remote_desktop_manager:::::team:windows:: cpe:2.3:a:devolutions:devolutions_server::::::::
References	~~() https://devolutions.net/security/advisories/DEVO-2024-0006 -~~	() https://devolutions.net/security/advisories/DEVO-2024-0006 - Vendor Advisory

Information

Published : 2024-04-09 19:15

Updated : 2025-03-28 16:20

NVD link : CVE-2024-3545

Mitre link : CVE-2024-3545

CVE.ORG link : CVE-2024-3545

JSON object : View

Products Affected

devolutions

devolutions_server
remote_desktop_manager

CWE

CWE-281

Improper Preservation of Permissions

{"id": "CVE-2024-3545", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 0.9}]}, "published": "2024-04-09T19:15:41.380", "references": [{"url": "https://devolutions.net/security/advisories/DEVO-2024-0006", "tags": ["Vendor Advisory"], "source": "security@devolutions.net"}, {"url": "https://devolutions.net/security/advisories/DEVO-2024-0006", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-281"}]}], "descriptions": [{"lang": "en", "value": "Improper permission handling in the vault offline cache feature in Devolutions Remote Desktop Manager 2024.1.20 and earlier on windows and Devolutions Server 2024.1.8 and earlier allows an attacker to access sensitive informations contained in the offline cache file by gaining access to a computer where the software is installed even though the offline mode is disabled.\n\n"}, {"lang": "es", "value": "El manejo inadecuado de permisos en la funci\u00f3n de cach\u00e9 fuera de l\u00ednea de vault en Devolutions Remote Desktop Manager 2024.1.20 y versiones anteriores en Windows y Devolutions Server 2024.1.8 y versiones anteriores permite a un atacante acceder a informaci\u00f3n confidencial contenida en el archivo de cach\u00e9 fuera de l\u00ednea obteniendo acceso a una computadora donde el software est\u00e1 instalado aunque el modo sin conexi\u00f3n est\u00e9 desactivado."}], "lastModified": "2025-03-28T16:20:52.220", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:devolutions:devolutions_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C6B1BE5-9C13-4FB3-9FD9-5C07895EB64A", "versionEndExcluding": "2024.1.9.0"}, {"criteria": "cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:free:windows:*:*", "vulnerable": true, "matchCriteriaId": "A0A4A4C4-D82F-482A-BD3B-C81751B7B7AB", "versionEndExcluding": "2024.1.21.0"}, {"criteria": "cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:team:windows:*:*", "vulnerable": true, "matchCriteriaId": "7B36BC3F-784D-4AC7-9224-6CD59EC6AC6F", "versionEndExcluding": "2024.1.21.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@devolutions.net"}