CVE-2024-30170

PrivX before 34.0 allows data exfiltration and denial of service via the REST API. This is fixed in minor versions 33.1, 32.3, 31.3, and later, and in major version 34.0 and later,

CVSS v3 9.1 CRITICAL

9.1^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://info.ssh.com/improper-input-validation-faq	Exploit Vendor Advisory
https://privx.docs.ssh.com/docs/security	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ssh:privx::::::::
	cpe:2.3:a:ssh:privx::::::::
	cpe:2.3:a:ssh:privx:33.0:::::::*

History

12 Aug 2024, 16:13

Type	Values Removed	Values Added
CPE		cpe:2.3:a:ssh:privx:::::::: cpe:2.3:a:ssh:privx:33.0:::::::*
Summary		(es) PrivX anterior a 34.0 permite la filtración de datos y la denegación de servicio a través de la API REST. Esto se solucionó en las versiones menores 33.1, 32.3, 31.3 y posteriores, y en la versión principal 34.0 y posteriores.
First Time		Ssh Ssh privx
References	~~() https://info.ssh.com/improper-input-validation-faq -~~	() https://info.ssh.com/improper-input-validation-faq - Exploit, Vendor Advisory
References	~~() https://privx.docs.ssh.com/docs/security -~~	() https://privx.docs.ssh.com/docs/security - Vendor Advisory
CWE		NVD-CWE-noinfo
CVSS	v2 : ~~unknown~~ v3 : ~~7.5~~	v2 : unknown v3 : 9.1

06 Aug 2024, 16:35

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
CWE		CWE-400

06 Aug 2024, 14:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-06 14:16

Updated : 2024-08-12 16:13

NVD link : CVE-2024-30170

Mitre link : CVE-2024-30170

CVE.ORG link : CVE-2024-30170

JSON object : View

Products Affected

ssh

privx

CWE

NVD-CWE-noinfo CWE-400

Uncontrolled Resource Consumption

{"id": "CVE-2024-30170", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-08-06T14:16:03.777", "references": [{"url": "https://info.ssh.com/improper-input-validation-faq", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://privx.docs.ssh.com/docs/security", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "PrivX before 34.0 allows data exfiltration and denial of service via the REST API. This is fixed in minor versions 33.1, 32.3, 31.3, and later, and in major version 34.0 and later,"}, {"lang": "es", "value": "PrivX anterior a 34.0 permite la filtraci\u00f3n de datos y la denegaci\u00f3n de servicio a trav\u00e9s de la API REST. Esto se solucion\u00f3 en las versiones menores 33.1, 32.3, 31.3 y posteriores, y en la versi\u00f3n principal 34.0 y posteriores."}], "lastModified": "2024-08-12T16:13:53.803", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ssh:privx:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5CF12CE6-5935-4A27-9358-F323902C9E7A", "versionEndExcluding": "31.3", "versionStartIncluding": "22.0"}, {"criteria": "cpe:2.3:a:ssh:privx:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D2806F5-9289-44BA-A0CF-0A22CE10E81C", "versionEndExcluding": "32.3", "versionStartIncluding": "32.0"}, {"criteria": "cpe:2.3:a:ssh:privx:33.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1328E664-F872-4F77-A8B9-AB9E32D790DC"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}