Lucene search

13061848-ea10-403d-bd75-c83a022c2891CVE-2024-5813

HistoryJun 11, 2024 - 4:15 p.m.

CVE-2024-5813

2024-06-1116:15:29

CWE-200

13061848-ea10-403d-bd75-c83a022c2891

web.nvd.nist.gov

vulnerability

bips

ssh

private keys

information leak

authenticated attacker

high privileges

server response

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

5.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

A medium severity vulnerability in BIPS has been identified where an authenticated attacker with high privileges can access the SSH private keys via an information leak in the server response.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "BeyondInsight PasswordSafe",
    "vendor": "BeyondTrust",
    "versions": [
      {
        "lessThan": "23.3.0.929",
        "status": "affected",
        "version": "23.3",
        "versionType": "custom"
      }
    ]
  }
]

References

www.beyondtrust.com/trust-center/security-advisories/bt24-08

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

5.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2024-5813