Lucene search
HackeroneCVE-2024-22022HistoryFeb 07, 2024 - 1:15 a.m.
CVE-2024-22022
2024-02-0701:15:08
hackerone
web.nvd.nist.gov
25
cve-2024-22022
vulnerability
low-privileged user
access
ntlm hash
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.5
Confidence
High
EPSS
0.001
Percentile
19.3%
Vulnerability CVE-2024-22022 allows a Veeam Recovery Orchestrator user that has been assigned a low-privileged role to access the NTLM hash of the service account used by the Veeam Orchestrator Server Service.
Affected configurations
Node
veeamrecovery_orchestratorRange<7.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| veeam | recovery_orchestrator | * | cpe:2.3:a:veeam:recovery_orchestrator:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Veeam",
"product": "Recovery Orchestrator",
"versions": [
{
"version": "6",
"status": "affected",
"lessThan": "6",
"versionType": "semver"
},
{
"version": "5",
"status": "affected",
"lessThan": "5",
"versionType": "semver"
},
{
"version": "7",
"status": "unaffected",
"lessThan": "7",
"versionType": "semver"
}
]
},
{
"vendor": "Veeam",
"product": "Availability Orchestrator",
"versions": [
{
"version": "4",
"status": "affected",
"lessThan": "4",
"versionType": "semver"
}
]
}
]References
Related
prion
prion
Design/Logic Flaw
2024-02-07 01:15:00
vulnrichment
vulnrichment
CVE-2024-22022
2024-02-07 00:53:30
cvelist
cvelist
CVE-2024-22022
2024-02-07 00:53:30
nvd
nvd
CVE-2024-22022
2024-02-07 01:15:08
veeam
veeam
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.5
Confidence
High
EPSS
0.001
Percentile
19.3%
Related for CVE-2024-22022