Vulnerability Description
Improper permission handling in the vault offline cache feature in Devolutions Remote Desktop Manager 2024.1.20 and earlier on windows and Devolutions Server 2024.1.8 and earlier allows an attacker to access sensitive informations contained in the offline cache file by gaining access to a computer where the software is installed even though the offline mode is disabled.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Devolutions | Devolutions Server | < 2024.1.9.0 |
| Devolutions | Remote Desktop Manager | < 2024.1.21.0 |
Related Weaknesses (CWE)
References
- https://devolutions.net/security/advisories/DEVO-2024-0006Vendor Advisory
- https://devolutions.net/security/advisories/DEVO-2024-0006Vendor Advisory
FAQ
What is CVE-2024-3545?
CVE-2024-3545 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Improper permission handling in the vault offline cache feature in Devolutions Remote Desktop Manager 2024.1.20 and earlier on windows and Devolutions Server 2024.1.8 and earlier allows an attacker to...
How severe is CVE-2024-3545?
CVE-2024-3545 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-3545?
Check the references section above for vendor advisories and patch information. Affected products include: Devolutions Devolutions Server, Devolutions Remote Desktop Manager.