vulnrichment | BT | VULNRICHMENT:CVE-2024-5813
Jun 11, 2024 - 3:34 p.m.

CVE-2024-5813 SSH Private Key Leak in BeyondInsight PasswordSafe

2024-06-11 15:34:57
CWE-200
BT
github.com
1
cve-2024-5813
vulnerability
bips
authenticated attacker
high privileges
ssh private keys
information leak
server response

CVSS3: 5.9 Medium

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

AI Score: 6.5 Medium (Confidence: Low)

EPSS: 0.0004 Low (Percentile: 9.1%)

A medium-severity vulnerability has been identified in BIPS (BeyondInsight PasswordSafe): an authenticated attacker with high privileges can access the SSH private keys via an information leak in the server response.

CNA Affected

[
  {
    "vendor": "BeyondTrust",
    "product": "BeyondInsight PasswordSafe",
    "versions": [
      {
        "status": "affected",
        "version": "23.3",
        "lessThan": "23.3.0.929",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  }
]
