github - ghsa-3683-hgvx-mjx6

ghsa-3683-hgvx-mjx6

Vulnerability from github

Published

2024-09-07 18:30

Modified

2024-09-07 18:30

Severity

9.0 (Critical) - CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Details

A vulnerability that allows an attacker to access the NTLM hash of the Veeam Reporter Service service account. This attack requires user interaction and data collected from Veeam Backup & Replication.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-42019"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-07T17:15:13Z",
    "severity": "CRITICAL"
  },
  "details": "A vulnerability that allows an attacker to access the NTLM hash of the Veeam Reporter Service service account. This attack requires user interaction and data collected from Veeam Backup \u0026 Replication.",
  "id": "GHSA-3683-hgvx-mjx6",
  "modified": "2024-09-07T18:30:24Z",
  "published": "2024-09-07T18:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42019"
    },
    {
      "type": "WEB",
      "url": "https://www.veeam.com/kb4649"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

cve-2024-42019

Vulnerability from cvelistv5

Published

2024-09-07 16:11

Modified

2024-09-09 16:41

Severity

9.0 (Critical) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Summary

A vulnerability that allows an attacker to access the NTLM hash of the Veeam Reporter Service service account. This attack requires user interaction and data collected from Veeam Backup & Replication.

References

URL	Tags
https://www.veeam.com/kb4649

Impacted products

Vendor	Product
Veeam	One

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:veeam:one:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "one",
            "vendor": "veeam",
            "versions": [
              {
                "lessThanOrEqual": "12.1.0.3208",
                "status": "affected",
                "version": "12",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42019",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-09T16:29:35.089567Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-200",
                "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-09T16:41:08.546Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "One",
          "vendor": "Veeam",
          "versions": [
            {
              "lessThanOrEqual": "12.1",
              "status": "affected",
              "version": "12.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability that allows an attacker to access the NTLM hash of the Veeam Reporter Service service account. This attack requires user interaction and data collected from Veeam Backup \u0026 Replication."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 9,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-07T16:11:22.117Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://www.veeam.com/kb4649"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2024-42019",
    "datePublished": "2024-09-07T16:11:22.117Z",
    "dateReserved": "2024-07-27T01:04:08.012Z",
    "dateUpdated": "2024-09-09T16:41:08.546Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.