CVE-2024-5813

A medium severity vulnerability in BIPS has been identified where an authenticated attacker with high privileges can access the SSH private keys via an information leak in the server response.

CVSS v3 5.9 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.7 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.beyondtrust.com/trust-center/security-advisories/bt24-08	Vendor Advisory
https://www.beyondtrust.com/trust-center/security-advisories/bt24-08	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:beyondtrust:beyondinsight_password_safe:*:*:*:*:*:*:*:*

History

11 Feb 2025, 21:36

Type	Values Removed	Values Added
CPE		cpe:2.3:a:beyondtrust:beyondinsight_password_safe::::::::
First Time		Beyondtrust Beyondtrust beyondinsight Password Safe
CWE		NVD-CWE-noinfo
References	~~() https://www.beyondtrust.com/trust-center/security-advisories/bt24-08 -~~	() https://www.beyondtrust.com/trust-center/security-advisories/bt24-08 - Vendor Advisory

Information

Published : 2024-06-11 16:15

Updated : 2025-02-11 21:36

NVD link : CVE-2024-5813

Mitre link : CVE-2024-5813

CVE.ORG link : CVE-2024-5813

JSON object : View

Products Affected

beyondtrust

beyondinsight_password_safe

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

NVD-CWE-noinfo

{"id": "CVE-2024-5813", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "13061848-ea10-403d-bd75-c83a022c2891", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 0.7}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.2}]}, "published": "2024-06-11T16:15:29.480", "references": [{"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-08", "tags": ["Vendor Advisory"], "source": "13061848-ea10-403d-bd75-c83a022c2891"}, {"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-08", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "13061848-ea10-403d-bd75-c83a022c2891", "description": [{"lang": "en", "value": "CWE-200"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "A medium severity vulnerability in BIPS has been identified where an authenticated attacker with high privileges can access the SSH private keys via an information leak in the server response."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad de gravedad media en BIPS donde un atacante autenticado con altos privilegios puede acceder a las claves privadas SSH a trav\u00e9s de una fuga de informaci\u00f3n en la respuesta del servidor."}], "lastModified": "2025-02-11T21:36:40.947", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:beyondtrust:beyondinsight_password_safe:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16A3910D-694D-47F7-B068-7B2089358D73", "versionEndExcluding": "23.3.0.929", "versionStartIncluding": "23.3"}], "operator": "OR"}]}], "sourceIdentifier": "13061848-ea10-403d-bd75-c83a022c2891"}