Skip to main content

Remote Desktop Manager CVE-2024-6492

HIGH
Insufficiently Protected Credentials (CWE-522)
2024-07-16 security@devolutions.net
7.4
CVSS 3.1 · Vendor: devolutions
Share

Severity by source

Vendor (devolutions) PRIMARY
7.4 HIGH
AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Primary rating from Vendor (devolutions) · only source for this CVE.

CVSS VectorVendor: devolutions

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Jul 16, 2024 - 19:15 cve.org
HIGH 7.4

DescriptionCVE.org

Exposure of Sensitive Information in edge browser session proxy feature in Devolutions Remote Desktop Manager 2024.2.14.0 and earlier on Windows allows an attacker to intercept proxy credentials via a specially crafted website.

AnalysisAI

Exposure of Sensitive Information in edge browser session proxy feature in Devolutions Remote Desktop Manager 2024.2.14.0 and earlier on Windows allows an attacker to intercept proxy credentials via. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Insufficiently Protected Credentials (CWE-522), which allows attackers to obtain user credentials due to weak protection mechanisms. Exposure of Sensitive Information in edge browser session proxy feature in Devolutions Remote Desktop Manager 2024.2.14.0 and earlier on Windows allows an attacker to intercept proxy credentials via a specially crafted website. Affected products include: Devolutions Remote Desktop Manager.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Hash passwords with strong algorithms (bcrypt, argon2), encrypt credentials in transit and at rest, never log credentials.

CVE-2024-6057 CRITICAL
9.8 Jun 17

Improper authentication in the vault password feature in Devolutions Remote Desktop Manager 2024.1.31.0 and earlier allo

CVE-2023-6593 CRITICAL
9.8 Dec 12

Client side permission bypass in Devolutions Remote Desktop Manager 2023.3.4.0 and earlier on iOS allows an attacker tha

CVE-2023-5766 CRITICAL
9.8 Nov 01

A remote code execution vulnerability in Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to r

CVE-2023-5765 CRITICAL
9.8 Nov 01

Improper access control in the password analyzer feature in Devolutions Remote Desktop Manager 2023.2.33 and earlier on

CVE-2023-4373 CRITICAL
9.8 Aug 21

Inadequate validation of permissions when employing remote tools and macros within Devolutions Remote Desktop Manager ve

CVE-2024-11621 HIGH
8.8 Feb 10

Missing certificate validation in Devolutions Remote Desktop Manager on macOS, iOS, Android, Linux allows an attacker to

CVE-2026-12161 HIGH
8.8 Jun 15

OS command injection in the SSH Elevate Shell feature of Devolutions Remote Desktop Manager up to 2026.2.7 lets an authe

CVE-2022-4287 HIGH
8.8 Dec 21

Authentication bypass in local application lock feature in Devolutions Remote Desktop Manager 2022.3.26 and earlier on W

CVE-2022-3641 HIGH
8.8 Dec 12

Elevation of privilege in the Azure SQL Data Source in Devolutions Remote Desktop Manager 2022.3.13 to 2022.3.24 allows

CVE-2021-42098 HIGH
8.8 Oct 18

An incomplete permission check on entries in Devolutions Remote Desktop Manager before 2021.2.16 allows attackers to byp

CVE-2025-1193 HIGH
8.1 Feb 10

Improper host validation in the certificate validation component in Devolutions Remote Desktop Manager on 2024.3.19 and

CVE-2024-12149 HIGH
8.1 Dec 04

Incorrect permission assignment in temporary access requests component in Devolutions Remote Desktop Manager 2024.3.19.0

Share

CVE-2024-6492 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy