Lucene search
HackeroneCVE-2024-38650HistorySep 07, 2024 - 5:15 p.m.
CVE-2024-38650
2024-09-0717:15:12
CWE-200
hackerone
web.nvd.nist.gov
26
20
authentication bypass
low privileged attacker
ntlm hash
service account
vspc server
CVSS3
9.9
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
AI Score
7.1
Confidence
Low
EPSS
0
Percentile
9.5%
An authentication bypass vulnerability can allow a low privileged attacker to access the NTLM hash of service account on the VSPC server.
Affected configurations
Node
veeamservice_provider_consoleRange≤8.0.0.19552
| Vendor | Product | Version | CPE |
|---|---|---|---|
| veeam | service_provider_console | * | cpe:2.3:a:veeam:service_provider_console:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"vendor": "Veeam",
"product": "Veeam Service Provider Console",
"versions": [
{
"version": "8",
"status": "affected",
"lessThanOrEqual": "8",
"versionType": "semver"
}
]
}
]References
Social References
More
Related
nvd
nvd
CVE-2024-38650
2024-09-07 17:15:12
vulnrichment
vulnrichment
CVE-2024-38650
2024-09-07 16:11:22
cvelist
cvelist
CVE-2024-38650
2024-09-07 16:11:22
thn
thn
Veeam Releases Security Updates to Fix 18 Flaws, Including 5 Critical Issues
2024-09-05 16:05:00
veeam
veeam
Veeam Security Bulletin (September 2024)
2024-09-04 00:00:00
CVSS3
9.9
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
AI Score
7.1
Confidence
Low
EPSS
0
Percentile
9.5%
Related for CVE-2024-38650