Lucene search

HackeroneVULNRICHMENT:CVE-2024-22022

HistoryFeb 07, 2024 - 12:53 a.m.

CVE-2024-22022

2024-02-0700:53:30

hackerone

github.com

vulnerability

cve-2024-22022

user access

ntlm hash

service account.

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Vulnerability CVE-2024-22022 allows a Veeam Recovery Orchestrator user that has been assigned a low-privileged role to access the NTLM hash of the service account used by the Veeam Orchestrator Server Service.

CNA Affected

[
  {
    "vendor": "Veeam",
    "product": "Recovery Orchestrator",
    "versions": [
      {
        "status": "affected",
        "version": "6",
        "lessThan": "6",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "5",
        "lessThan": "5",
        "versionType": "semver"
      },
      {
        "status": "unaffected",
        "version": "7",
        "lessThan": "7",
        "versionType": "semver"
      }
    ]
  },
  {
    "vendor": "Veeam",
    "product": "Availability Orchestrator",
    "versions": [
      {
        "status": "affected",
        "version": "4",
        "lessThan": "4",
        "versionType": "semver"
      }
    ]
  }
]

References

veeam.com/kb4541

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-22022