CVE-2024-30170

PrivX before 34.0 allows data exfiltration and denial of service via the REST API. This is fixed in minor versions 33.1, 32.3, 31.3, and later, and in major version 34.0 and later,

CVSS v3 9.1 CRITICAL

9.1^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://info.ssh.com/improper-input-validation-faq	Exploit Vendor Advisory
https://privx.docs.ssh.com/docs/security	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ssh:privx::::::::
	cpe:2.3:a:ssh:privx::::::::
	cpe:2.3:a:ssh:privx:33.0:::::::*

History

No history.

Information

Published : 2024-08-06 14:16

Updated : 2024-08-12 16:13

NVD link : CVE-2024-30170

Mitre link : CVE-2024-30170

CVE.ORG link : CVE-2024-30170

JSON object : View

Products Affected

ssh

privx

CWE

NVD-CWE-noinfo CWE-400

Uncontrolled Resource Consumption

{"id": "CVE-2024-30170", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-08-06T14:16:03.777", "references": [{"url": "https://info.ssh.com/improper-input-validation-faq", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://privx.docs.ssh.com/docs/security", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "PrivX before 34.0 allows data exfiltration and denial of service via the REST API. This is fixed in minor versions 33.1, 32.3, 31.3, and later, and in major version 34.0 and later,"}, {"lang": "es", "value": "PrivX anterior a 34.0 permite la filtraci\u00f3n de datos y la denegaci\u00f3n de servicio a trav\u00e9s de la API REST. Esto se solucion\u00f3 en las versiones menores 33.1, 32.3, 31.3 y posteriores, y en la versi\u00f3n principal 34.0 y posteriores."}], "lastModified": "2024-08-12T16:13:53.803", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ssh:privx:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5CF12CE6-5935-4A27-9358-F323902C9E7A", "versionEndExcluding": "31.3", "versionStartIncluding": "22.0"}, {"criteria": "cpe:2.3:a:ssh:privx:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D2806F5-9289-44BA-A0CF-0A22CE10E81C", "versionEndExcluding": "32.3", "versionStartIncluding": "32.0"}, {"criteria": "cpe:2.3:a:ssh:privx:33.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1328E664-F872-4F77-A8B9-AB9E32D790DC"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}