← back
CVE-2024-7421

CVE-2024-7421

CVSS 5.5 MEDIUMEPSS 0.2%CWE-532
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.5EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
25 Sep 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An information exposure in Devolutions Remote Desktop Manager 2024.2.20.0 and earlier on Windows allows local attackers with access to system logs to obtain session credentials via passwords included in command-line arguments when launching WinSCP sessions
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected products
Devolutions · Remote Desktop Manager

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://devolutions.net/security/advisories/DEVO-2024-0014