cvelist | BT | CVELIST:CVE-2024-5813
History: Jun 11, 2024 - 3:34 p.m.

CVE-2024-5813 SSH Private Key Leak in BeyondInsight PasswordSafe

2024-06-11 15:34:57
CWE-200
BT
www.cve.org
Tags: cve-2024-5813, medium severity, bips, authenticated attacker, information leak, server response

CVSS3: 5.9 Medium

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

EPSS: 0.0004 Low
Percentile: 9.1%

A medium severity vulnerability in BIPS has been identified where an authenticated attacker with high privileges can access the SSH private keys via an information leak in the server response.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "BeyondInsight PasswordSafe",
    "vendor": "BeyondTrust",
    "versions": [
      {
        "lessThan": "23.3.0.929",
        "status": "affected",
        "version": "23.3",
        "versionType": "custom"
      }
    ]
  }
]
