CVE-2024-3545

Improper permission handling in the vault offline cache feature in Devolutions Remote Desktop Manager 2024.1.20 and earlier on windows and Devolutions Server 2024.1.8 and earlier allows an attacker to access sensitive informations contained in the offline cache file by gaining access to a computer where the software is installed even though the offline mode is disabled.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.9 / Impact : 3.4

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://devolutions.net/security/advisories/DEVO-2024-0006	Vendor Advisory
https://devolutions.net/security/advisories/DEVO-2024-0006	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:devolutions:devolutions_server::::::::
	cpe:2.3:a:devolutions:remote_desktop_manager:::::free:windows::
	cpe:2.3:a:devolutions:remote_desktop_manager:::::team:windows::

History

28 Mar 2025, 16:20

Type	Values Removed	Values Added
References	~~() https://devolutions.net/security/advisories/DEVO-2024-0006 -~~	() https://devolutions.net/security/advisories/DEVO-2024-0006 - Vendor Advisory
CPE		cpe:2.3:a:devolutions:remote_desktop_manager:::::team:windows:: cpe:2.3:a:devolutions:remote_desktop_manager:::::free:windows:: cpe:2.3:a:devolutions:devolutions_server::::::::
First Time		Devolutions devolutions Server Devolutions Devolutions remote Desktop Manager

21 Nov 2024, 09:29

Type	Values Removed	Values Added
References	~~() https://devolutions.net/security/advisories/DEVO-2024-0006 -~~	() https://devolutions.net/security/advisories/DEVO-2024-0006 -

04 Nov 2024, 17:35

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.3
CWE		CWE-281

09 Apr 2024, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-04-09 19:15

Updated : 2025-03-28 16:20

NVD link : CVE-2024-3545

Mitre link : CVE-2024-3545

CVE.ORG link : CVE-2024-3545

JSON object : View

Products Affected

devolutions

devolutions_server
remote_desktop_manager

CWE

CWE-281

Improper Preservation of Permissions

{"id": "CVE-2024-3545", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 0.9}]}, "published": "2024-04-09T19:15:41.380", "references": [{"url": "https://devolutions.net/security/advisories/DEVO-2024-0006", "tags": ["Vendor Advisory"], "source": "security@devolutions.net"}, {"url": "https://devolutions.net/security/advisories/DEVO-2024-0006", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-281"}]}], "descriptions": [{"lang": "en", "value": "Improper permission handling in the vault offline cache feature in Devolutions Remote Desktop Manager 2024.1.20 and earlier on windows and Devolutions Server 2024.1.8 and earlier allows an attacker to access sensitive informations contained in the offline cache file by gaining access to a computer where the software is installed even though the offline mode is disabled.\n\n"}, {"lang": "es", "value": "El manejo inadecuado de permisos en la funci\u00f3n de cach\u00e9 fuera de l\u00ednea de vault en Devolutions Remote Desktop Manager 2024.1.20 y versiones anteriores en Windows y Devolutions Server 2024.1.8 y versiones anteriores permite a un atacante acceder a informaci\u00f3n confidencial contenida en el archivo de cach\u00e9 fuera de l\u00ednea obteniendo acceso a una computadora donde el software est\u00e1 instalado aunque el modo sin conexi\u00f3n est\u00e9 desactivado."}], "lastModified": "2025-03-28T16:20:52.220", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:devolutions:devolutions_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C6B1BE5-9C13-4FB3-9FD9-5C07895EB64A", "versionEndExcluding": "2024.1.9.0"}, {"criteria": "cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:free:windows:*:*", "vulnerable": true, "matchCriteriaId": "A0A4A4C4-D82F-482A-BD3B-C81751B7B7AB", "versionEndExcluding": "2024.1.21.0"}, {"criteria": "cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:team:windows:*:*", "vulnerable": true, "matchCriteriaId": "7B36BC3F-784D-4AC7-9224-6CD59EC6AC6F", "versionEndExcluding": "2024.1.21.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@devolutions.net"}