Unauthorized Access via Cookie Issue in Virtual Appliance Installations (VMware or HyperV)
CVE-2024-45488

9.8 CRITICAL

Key Information:

Vendor: One Identity
CVE Published: 30 August 2024

Badges

Exploit Exists | EPSS 72% | News Worthy

Summary

CVE-2024-45488 is a vulnerability in One Identity's Safeguard for Privileged Passwords that allows an attacker to gain full administrative access to the virtual appliance, compromising the security of the system. It specifically affects virtual appliance installations hosted on VMware or HyperV. The flaw lies in session cookie handling: a hard-coded cryptographic key is used to protect the cookies, so an attacker who knows that key can forge valid session cookies. Users are advised to upgrade to the fixed versions of the software to mitigate the risk. No exploitation in the wild by ransomware groups has been reported at this time.

News Articles

Last Week in Security (LWiS) - 2024-09-23

0-click macOS RCE (@Turmio_), sudo iptables LPE (@suidpit + @smaury92), SkeletonCookie ☠️🍪 (@buffaloverflow), and more! Last Week in Security is a summary of the interesting cybersecurity news, techniques,...

Patch this critical Safeguard for Privileged Passwords auth bypass flaw (CVE-2024-45488) - Help Net Security

Technical details about CVE-2024-45488, a critical auth bypass flaw affecting One Identity's Safeguard for Privileged Passwords, are public.

EPSS Score

72% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Exploit known to exist
  • First article discovered by Help Net Security
  • Vulnerability published
  • Vulnerability reserved