CVE-2024-42457

{"id": "CVE-2024-42457", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "support@hackerone.com", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 7.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 3.1}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-12-04T02:15:05.133", "references": [{"url": "https://www.veeam.com/kb4693", "tags": ["Vendor Advisory"], "source": "support@hackerone.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-522"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in Veeam Backup & Replication allows users with certain operator roles to expose saved credentials by leveraging a combination of methods in a remote management interface. This can be achieved using a session object that allows for credential enumeration and exploitation, leading to the leak of plaintext credentials to a malicious host. The attack is facilitated by improper usage of a method that allows operators to add a new host with an attacker-controlled IP, enabling them to retrieve sensitive credentials in plaintext."}, {"lang": "es", "value": "Una vulnerabilidad en Veeam Backup & Replication permite a los usuarios con determinados roles de operador exponer las credenciales guardadas aprovechando una combinaci\u00f3n de m\u00e9todos en una interfaz de gesti\u00f3n remota. Esto se puede lograr utilizando un objeto de sesi\u00f3n que permite la enumeraci\u00f3n y explotaci\u00f3n de credenciales, lo que lleva a la filtraci\u00f3n de credenciales de texto sin formato a un host malicioso. El ataque se facilita mediante el uso indebido de un m\u00e9todo que permite a los operadores agregar un nuevo host con una IP controlada por el atacante, lo que les permite recuperar credenciales confidenciales en texto plano."}], "lastModified": "2025-04-24T17:08:34.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:veeam:veeam_backup_\\&_replication:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97D6D507-5200-44A1-9122-C3CF8660C1C7", "versionEndExcluding": "12.3.0.310", "versionStartIncluding": "12.0.0.1402"}], "operator": "OR"}]}], "sourceIdentifier": "support@hackerone.com"}