CVE-2024-7421

An information exposure in Devolutions Remote Desktop Manager 2024.2.20.0 and earlier on Windows allows local attackers with access to system logs to obtain session credentials via passwords included in command-line arguments when launching WinSCP sessions

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://devolutions.net/security/advisories/DEVO-2024-0014	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-09-25 16:15

Updated : 2025-03-17 15:15

NVD link : CVE-2024-7421

Mitre link : CVE-2024-7421

CVE.ORG link : CVE-2024-7421

JSON object : View

Products Affected

devolutions

remote_desktop_manager

CWE

CWE-532

Insertion of Sensitive Information into Log File

{"id": "CVE-2024-7421", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-09-25T16:15:11.187", "references": [{"url": "https://devolutions.net/security/advisories/DEVO-2024-0014", "tags": ["Vendor Advisory"], "source": "security@devolutions.net"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security@devolutions.net", "description": [{"lang": "en", "value": "CWE-532"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "An information exposure in Devolutions Remote Desktop Manager 2024.2.20.0 and earlier on Windows allows local attackers with access to system logs to obtain session credentials via passwords included in command-line arguments when launching WinSCP sessions"}, {"lang": "es", "value": "Una exposici\u00f3n de informaci\u00f3n en Devolutions Remote Desktop Manager 2024.2.20.0 y versiones anteriores en Windows permite a atacantes locales con acceso a registros del sistema obtener credenciales de sesi\u00f3n a trav\u00e9s de contrase\u00f1as incluidas en argumentos de l\u00ednea de comandos al iniciar sesiones de WinSCP."}], "lastModified": "2025-03-17T15:15:42.580", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D37EFE81-BCC1-473F-A265-46018FE02A5D", "versionEndExcluding": "2024.3.10"}], "operator": "OR"}]}], "sourceIdentifier": "security@devolutions.net"}