Sécurité et conformité
DEVO-2024-0004
Résumé
Remote Desktop Manager is affected by multiple vulnerabilities.
Produits affectés
Remote Desktop Manager Windows 2024.1.12 and earlier
Journal des modifications
2024-03-13 - Initial publication
Sévérité
Medium
Produit
Remote Desktop Manager
Version corrigée
2024.1.15
Terrapin vulnerability in Remote Desktop Manager
Description
Remote Desktop Manager is affected by the Terrapin vulnerability in the following modules :
- SSH Sessions.
- Embedded OpenSSH client used for Powershell Remoting.
We have updated our implementations to include the security fixes.
For more information about the Terrapin vulnerability please consult the following :
https://terrapin-attack.com/
Mesures correctives et solutions de contournement
Upgrade to Remote Desktop Manager 2024.1.15 or higher
Sévérité
5.9 Medium - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Produits affectés
Remote Desktop Manager Windows 2024.1.12 and earlier
CVE(s)
CVE-2023-48795
Improper cleanup in temporary file handling component.
Description
Improper cleanup in temporary file handling component in Devolutions Remote Desktop Manager 2024.1.12 and earlier on Windows allows an attacker that compromised a user endpoint, under specific circumstances, to access sensitive information via residual files in the temporary directory.
Mesures correctives et solutions de contournement
Upgrade to Remote Desktop Manager 2024.1.15 or higher
Sévérité
2.3 - Low CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Produits affectés
Remote Desktop Manager Windows 2024.1.12 and earlier
CVE(s)
CVE-2024-2403