Main Vulnerability Database Vulnerabilities #VU101178

#VU101178 Incorrect default permissions in Backup & Replication - CVE-2024-45204

Published: December 3, 2024

Vulnerability identifier: #VU101178

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2024-45204

CWE-ID: CWE-276

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Backup & Replication

Software vendor:
Veeam

Description

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to incorrect default permissions. A remote user with an assigned role in the Users and Roles settings on the backup server can obtain NTLM hashes of saved credentials.

Remediation

Install updates from vendor's website.

External links

https://www.veeam.com/kb4693

#VU101178 Incorrect default permissions in Backup & Replication - CVE-2024-45204

Description

Remediation

External links

Please verify you're human