Low-Privileged User Can Perform Local Privilege Escalation Through SSRF Vulnerability
CVE-2024-40718
8.8 HIGH
Summary
A vulnerability in Veeam's software allows low-privileged users to exploit a server-side request forgery (SSRF) flaw. Through this vulnerability, an attacker can potentially escalate privileges locally, gaining unauthorized access to sensitive resources and compromising the security of the affected environment. The issue highlights the importance of safeguarding applications against SSRF attacks and the need for rigorous security assessments of Veeam products.
Affected Version(s)
Nutanix AHV 12.6.0
Nutanix KVM 12.5.0
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved