CVE-2024-29851

2024-05-2223:15:09

[email protected]

web.nvd.nist.gov

veeam backup

high-privileged user

ntlm hash

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Veeam Backup Enterprise Manager allows high-privileged users to steal NTLM hash of Enterprise manager service account.

CNA Affected

[
  {
    "vendor": "Veeam",
    "product": "Backup & Replication",
    "versions": [
      {
        "version": "12.1.2.172",
        "status": "affected",
        "lessThan": "12.1.2.172",
        "versionType": "semver"
      },
      {
        "version": "11",
        "status": "unaffected",
        "lessThanOrEqual": "11",
        "versionType": "semver"
      }
    ]
  }
]