CVE-2024-45204 HIGH

CVE-2024-45204

Vendor Veeam
Product Backup & Replication
Published December 4, 2024
Last update December 6, 2024

CVSS base score

7.7/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

What the vulnerability does

01Description

A vulnerability exists where a low-privileged user can exploit insufficient permissions in credential handling to leak NTLM hashes of saved credentials. The exploitation involves using retrieved credentials to expose sensitive NTLM hashes, impacting systems beyond the initial target and potentially leading to broader security vulnerabilities.

Key dates

02Disclosure timeline

December 4, 2024 CVE published
December 6, 2024 Record updated