Lucene search
HistoryFeb 07, 2024 - 1:15 a.m.
CVE-2024-22022
vulnerability
low-privileged
user
access
ntlm hash
service account
veeam orchestrator server service
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.6
Confidence
High
EPSS
0.001
Percentile
19.3%
Vulnerability CVE-2024-22022 allows a Veeam Recovery Orchestrator user that has been assigned a low-privileged role to access the NTLM hash of the service account used by the Veeam Orchestrator Server Service.
Affected configurations
Node
veeamrecovery_orchestratorRange<7.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| veeam | recovery_orchestrator | * | cpe:2.3:a:veeam:recovery_orchestrator:*:*:*:*:*:*:*:* |
References
Related
cve
cve
CVE-2024-22022
2024-02-07 01:15:08
prion
prion
Design/Logic Flaw
2024-02-07 01:15:00
vulnrichment
vulnrichment
CVE-2024-22022
2024-02-07 00:53:30
cvelist
cvelist
CVE-2024-22022
2024-02-07 00:53:30
veeam
veeam
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.6
Confidence
High
EPSS
0.001
Percentile
19.3%
Related for NVD:CVE-2024-22022