CVE-2024-7421

Summary

An information exposure in Devolutions Remote Desktop Manager 2024.2.20.0 and earlier on Windows allows local attackers with access to system logs to obtain session credentials via passwords included in command-line arguments when launching WinSCP sessions

Affected Software

VendorProductVersion RangeStatus
DevolutionsRemote Desktop Manager0 <= 2024.2.20affected

Weaknesses

  • CWE-532: CWE-532: Information Exposure Through Log Files

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References