Description

A vulnerability in Veeam Backup & Replication allows users with certain operator roles to expose saved credentials by leveraging a combination of methods in a remote management interface. This can be achieved using a session object that allows for credential enumeration and exploitation, leading to the leak of plaintext credentials to a malicious host. The attack is facilitated by improper usage of a method that allows operators to add a new host with an attacker-controlled IP, enabling them to retrieve sensitive credentials in plaintext.

INFO

Published Date: 2024-12-04T01:06:04.658Z

Last Modified: 2024-12-04T16:00:32.213Z

Source: hackerone

AFFECTED PRODUCTS

The following products are affected by the CVE-2024-42457 vulnerability.

Vendor: Veeam
Products:
  • Veeam Backup & Replication

REFERENCES

Here, you will find a curated list of external links that provide in-depth information about CVE-2024-42457.

CVSS Vulnerability Scoring System

Detailed values of each vector for the above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact