A vulnerability exists where a low-privileged user can exploit insufficient permissions in credential handling to leak NTLM hashes of saved credentials. The exploitation involves using retrieved credentials to expose sensitive NTLM hashes, impacting systems beyond the initial target and potentially leading to broader security vulnerabilities.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.veeam.com/kb4693 |
History
Fri, 06 Dec 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-863 |
Wed, 04 Dec 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Wed, 04 Dec 2024 01:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A vulnerability exists where a low-privileged user can exploit insufficient permissions in credential handling to leak NTLM hashes of saved credentials. The exploitation involves using retrieved credentials to expose sensitive NTLM hashes, impacting systems beyond the initial target and potentially leading to broader security vulnerabilities. | |
References |
| |
Metrics |
cvssV3_0
|
MITRE
Status: PUBLISHED
Assigner: hackerone
Published: 2024-12-04T01:06:05.328Z
Updated: 2024-12-06T20:10:23.572Z
Reserved: 2024-08-23T01:00:01.060Z
Link: CVE-2024-45204
Vulnrichment
Updated: 2024-12-04T14:46:53.528Z
NVD
Status : Awaiting Analysis
Published: 2024-12-04T02:15:05.233
Modified: 2024-12-06T20:15:26.653
Link: CVE-2024-45204
Redhat
No data.