Unauthorized Access via Cookie Issue in Virtual Appliance Installations (VMware or HyperV)
CVE-2024-45488
Key Information
- Vendor: One Identity
- CVE Published: 30 August 2024
Summary
CVE-2024-45488 in One Identity's Safeguard for Privileged Passwords allows attackers to gain full administrative access to the virtual appliance. The vulnerability specifically affects virtual appliance installations hosted on VMware or HyperV. The issue is cookie-related: a hard-coded cryptographic key allows attackers to forge session cookies. Users are advised to upgrade to the fixed versions of the software to mitigate the risk. No exploitation in the wild by ransomware groups has been reported at this time.
News Articles
Last Week in Security (LWiS) - 2024-09-23
0-click macOS RCE (@Turmio_), sudo iptables LPE (@suidpit + @smaury92), SkeletonCookie ☠️🍪 (@buffaloverflow), and more! Last Week in Security is a summary of the interesting cybersecurity news, techniques,...
2 months ago
Patch this critical Safeguard for Privileged Passwords auth bypass flaw (CVE-2024-45488) - Help Net Security
Technical details about CVE-2024-45488, a critical auth bypass flaw affecting One Identity's Safeguard for Privileged Passwords, are public.
3 months ago
Timeline
- Exploit known to exist
- First article discovered by Help Net Security
- Vulnerability published
- Vulnerability Reserved