github - ghsa-58p4-j3v2-9gh4

ghsa-58p4-j3v2-9gh4

Vulnerability from github

Published

2024-09-07 18:30

Modified

2024-09-07 18:30

Severity

9.1 (Critical) - CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Details

A vulnerability that allows an attacker in possession of the Veeam ONE Agent service account credentials to perform remote code execution on the machine where the Veeam ONE Agent is installed.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-42024"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-250"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-07T17:15:14Z",
    "severity": "CRITICAL"
  },
  "details": "A vulnerability that allows an attacker in possession of the Veeam ONE Agent service account credentials to perform remote code execution on the machine where the Veeam ONE Agent is installed.",
  "id": "GHSA-58p4-j3v2-9gh4",
  "modified": "2024-09-07T18:30:24Z",
  "published": "2024-09-07T18:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42024"
    },
    {
      "type": "WEB",
      "url": "https://www.veeam.com/kb4649"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

cve-2024-42024

Vulnerability from cvelistv5

Published

2024-09-07 16:11

Modified

2024-09-09 14:11

Severity

9.1 (Critical) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Summary

A vulnerability that allows an attacker in possession of the Veeam ONE Agent service account credentials to perform remote code execution on the machine where the Veeam ONE Agent is installed.

References

URL	Tags
https://www.veeam.com/kb4649

Impacted products

Vendor	Product
Veeam	One

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:veeam:one:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "one",
            "vendor": "veeam",
            "versions": [
              {
                "lessThanOrEqual": "12.1.0.3208",
                "status": "affected",
                "version": "12",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42024",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-09T14:04:05.003945Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-250",
                "description": "CWE-250 Execution with Unnecessary Privileges",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-09T14:11:39.524Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "One",
          "vendor": "Veeam",
          "versions": [
            {
              "lessThanOrEqual": "12.1",
              "status": "affected",
              "version": "12.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability that allows an attacker in possession of the Veeam ONE Agent service account credentials to perform remote code execution on the machine where the Veeam ONE Agent is installed."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-07T16:11:22.220Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://www.veeam.com/kb4649"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2024-42024",
    "datePublished": "2024-09-07T16:11:22.220Z",
    "dateReserved": "2024-07-27T01:04:08.013Z",
    "dateUpdated": "2024-09-09T14:11:39.524Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.