CVE-2024-42457 (GCVE-0-2024-42457)

Vulnerability from cvelistv5 – Published: 2024-12-04 01:06 – Updated: 2024-12-04 16:00
VLAI?
Summary
A vulnerability in Veeam Backup & Replication allows users with certain operator roles to expose saved credentials by leveraging a combination of methods in a remote management interface. This can be achieved using a session object that allows for credential enumeration and exploitation, leading to the leak of plaintext credentials to a malicious host. The attack is facilitated by improper usage of a method that allows operators to add a new host with an attacker-controlled IP, enabling them to retrieve sensitive credentials in plaintext.
Severity ?
7.7 (High)
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CWE
  • CWE-522 - Insufficiently Protected Credentials
Assigner
References
Impacted products
Vendor Product Version
Veeam Backup & Replication Affected: 12.2 , ≤ 12.2 (semver)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42457",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-04T15:47:05.862624Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-522",
                "description": "CWE-522 Insufficiently Protected Credentials",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-04T16:00:32.213Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Backup \u0026 Replication",
          "vendor": "Veeam",
          "versions": [
            {
              "lessThanOrEqual": "12.2",
              "status": "affected",
              "version": "12.2",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Veeam Backup \u0026 Replication allows users with certain operator roles to expose saved credentials by leveraging a combination of methods in a remote management interface. This can be achieved using a session object that allows for credential enumeration and exploitation, leading to the leak of plaintext credentials to a malicious host. The attack is facilitated by improper usage of a method that allows operators to add a new host with an attacker-controlled IP, enabling them to retrieve sensitive credentials in plaintext."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-04T01:06:04.658Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://www.veeam.com/kb4693"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2024-42457",
    "datePublished": "2024-12-04T01:06:04.658Z",
    "dateReserved": "2024-08-02T01:04:07.985Z",
    "dateUpdated": "2024-12-04T16:00:32.213Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability in Veeam Backup \u0026 Replication allows users with certain operator roles to expose saved credentials by leveraging a combination of methods in a remote management interface. This can be achieved using a session object that allows for credential enumeration and exploitation, leading to the leak of plaintext credentials to a malicious host. The attack is facilitated by improper usage of a method that allows operators to add a new host with an attacker-controlled IP, enabling them to retrieve sensitive credentials in plaintext.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad en Veeam Backup \u0026amp; Replication permite a los usuarios con determinados roles de operador exponer las credenciales guardadas aprovechando una combinaci\\u00f3n de m\\u00e9todos en una interfaz de gesti\\u00f3n remota. Esto se puede lograr utilizando un objeto de sesi\\u00f3n que permite la enumeraci\\u00f3n y explotaci\\u00f3n de credenciales, lo que lleva a la filtraci\\u00f3n de credenciales de texto sin formato a un host malicioso. El ataque se facilita mediante el uso indebido de un m\\u00e9todo que permite a los operadores agregar un nuevo host con una IP controlada por el atacante, lo que les permite recuperar credenciales confidenciales en texto plano.\"}]",
      "id": "CVE-2024-42457",
      "lastModified": "2024-12-04T16:15:25.450",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"support@hackerone.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\", \"baseScore\": 7.7, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.1, \"impactScore\": 4.0}]}",
      "published": "2024-12-04T02:15:05.133",
      "references": "[{\"url\": \"https://www.veeam.com/kb4693\", \"source\": \"support@hackerone.com\"}]",
      "sourceIdentifier": "support@hackerone.com",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-522\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-42457\",\"sourceIdentifier\":\"support@hackerone.com\",\"published\":\"2024-12-04T02:15:05.133\",\"lastModified\":\"2025-04-24T17:08:34.490\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in Veeam Backup \u0026 Replication allows users with certain operator roles to expose saved credentials by leveraging a combination of methods in a remote management interface. This can be achieved using a session object that allows for credential enumeration and exploitation, leading to the leak of plaintext credentials to a malicious host. The attack is facilitated by improper usage of a method that allows operators to add a new host with an attacker-controlled IP, enabling them to retrieve sensitive credentials in plaintext.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en Veeam Backup \u0026amp; Replication permite a los usuarios con determinados roles de operador exponer las credenciales guardadas aprovechando una combinaci\u00f3n de m\u00e9todos en una interfaz de gesti\u00f3n remota. Esto se puede lograr utilizando un objeto de sesi\u00f3n que permite la enumeraci\u00f3n y explotaci\u00f3n de credenciales, lo que lleva a la filtraci\u00f3n de credenciales de texto sin formato a un host malicioso. El ataque se facilita mediante el uso indebido de un m\u00e9todo que permite a los operadores agregar un nuevo host con una IP controlada por el atacante, lo que les permite recuperar credenciales confidenciales en texto plano.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV30\":[{\"source\":\"support@hackerone.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\",\"baseScore\":7.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.1,\"impactScore\":4.0}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-522\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:veeam:veeam_backup_\\\\\u0026_replication:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.0.0.1402\",\"versionEndExcluding\":\"12.3.0.310\",\"matchCriteriaId\":\"97D6D507-5200-44A1-9122-C3CF8660C1C7\"}]}]}],\"references\":[{\"url\":\"https://www.veeam.com/kb4693\",\"source\":\"support@hackerone.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in Veeam Backup \u0026 Replication allows users with certain operator roles to expose saved credentials by leveraging a combination of methods in a remote management interface. This can be achieved using a session object that allows for credential enumeration and exploitation, leading to the leak of plaintext credentials to a malicious host. The attack is facilitated by improper usage of a method that allows operators to add a new host with an attacker-controlled IP, enabling them to retrieve sensitive credentials in plaintext.\"}], \"affected\": [{\"defaultStatus\": \"unaffected\", \"vendor\": \"Veeam\", \"product\": \"Backup \u0026 Replication\", \"versions\": [{\"version\": \"12.2\", \"status\": \"affected\", \"lessThanOrEqual\": \"12.2\", \"versionType\": \"semver\"}]}], \"references\": [{\"url\": \"https://www.veeam.com/kb4693\"}], \"metrics\": [{\"cvssV3_0\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\", \"baseScore\": 7.7, \"baseSeverity\": \"HIGH\"}}], \"providerMetadata\": {\"orgId\": \"36234546-b8fa-4601-9d6f-f4e334aa8ea1\", \"shortName\": \"hackerone\", \"dateUpdated\": \"2024-12-04T01:06:04.658Z\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-42457\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-12-04T15:47:05.862624Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-522\", \"description\": \"CWE-522 Insufficiently Protected Credentials\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-12-04T15:59:08.922Z\"}}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-42457\", \"assignerOrgId\": \"36234546-b8fa-4601-9d6f-f4e334aa8ea1\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"hackerone\", \"dateReserved\": \"2024-08-02T01:04:07.985Z\", \"datePublished\": \"2024-12-04T01:06:04.658Z\", \"dateUpdated\": \"2024-12-04T16:00:32.213Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.