Lucene search

HackeroneVULNRICHMENT:CVE-2024-40714

HistorySep 07, 2024 - 4:11 p.m.

CVE-2024-40714

2024-09-0716:11:22

hackerone

github.com

improper certificate validation

tls certificate

credential interception

restore operations

CVSS3

8.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

6.7

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

An improper certificate validation vulnerability in TLS certificate validation allows an attacker on the same network to intercept sensitive credentials during restore operations.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:veeam:backup_\\&_replication:*:*:*:*:*:*:*:*"
    ],
    "vendor": "veeam",
    "product": "backup_\\&_replication",
    "versions": [
      {
        "status": "affected",
        "version": "12",
        "versionType": "semver",
        "lessThanOrEqual": "12.1.2.172"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

www.veeam.com/kb4649

CVSS3

8.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

6.7

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2024-40714