CVE-2024-45204
First published: Wed Dec 04 2024(Updated: )
A vulnerability exists where a low-privileged user can exploit insufficient permissions in credential handling to leak NTLM hashes of saved credentials. The exploitation involves using retrieved credentials to expose sensitive NTLM hashes, impacting systems beyond the initial target and potentially leading to broader security vulnerabilities.
Credit: support@hackerone.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Veeam Backup & Replication | >=12.0.0.1402<12.3.0.310 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-45204?
CVE-2024-45204 is considered a medium severity vulnerability due to the potential for credential leakage.
How do I fix CVE-2024-45204?
To mitigate CVE-2024-45204, ensure your Veeam Backup & Replication software is updated to a version later than 12.3.0.310.
Who is affected by CVE-2024-45204?
CVE-2024-45204 affects users of Veeam Backup & Replication versions between 12.0.0.1402 and 12.3.0.310.
What types of credentials can be leaked through CVE-2024-45204?
CVE-2024-45204 allows for the leakage of NTLM hashes of saved credentials.
Can CVE-2024-45204 impact systems beyond the initial target?
Yes, the exploitation of CVE-2024-45204 can lead to NTLM hash exposure, potentially impacting additional systems.
- agent/references
- agent/type
- agent/first-publish-date
- agent/description
- agent/author
- agent/weakness
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/source
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/severity
- agent/softwarecombine
- agent/tags
- vendor/veeam
- canonical/veeam backup & replication
- version/veeam backup & replication/12.0.0.1402