CVE-2024-45204: A vulnerability exists where a low-privileged user can exploit insufficient permissions in credential handling to leak NTLM hashes of saved...

7.7 CVSS

Description

A vulnerability exists where a low-privileged user can exploit insufficient permissions in credential handling to leak NTLM hashes of saved credentials. The exploitation involves using retrieved credentials to expose sensitive NTLM hashes, impacting systems beyond the initial target and potentially leading to broader security vulnerabilities.

Classification

CVE ID: CVE-2024-45204

CVSS Base Severity: HIGH

CVSS Base Score: 7.7

Affected Products

Vendor: Veeam

Product: Backup & Replication

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.44% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://www.veeam.com/kb4693

Timeline

2024-12-05 00:32:38 UTC
CVE

A vulnerability exists where a low-privileged user can exploit insufficient permissions in credential handling to leak NTLM hashes of saved...