CVE-2024-6504

{"id": "CVE-2024-6504", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "cve@rapid7.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2024-07-18T10:15:03.373", "references": [{"url": "https://docs.rapid7.com/release-notes/insightvm/20240717/", "tags": ["Vendor Advisory"], "source": "cve@rapid7.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "cve@rapid7.com", "description": [{"lang": "en", "value": "CWE-693"}]}], "descriptions": [{"lang": "en", "value": "Rapid7 InsightVM Console versions below 6.6.260 suffer from a protection mechanism failure whereby an attacker with network access to the InsightVM Console can cause it to overload or crash by sending repeated invalid REST requests in a short timeframe, to the Console's port 443 causing the console to enter an exception handling logging loop, exhausting the CPU. There is no indication that an attacker can use this method to escalate privilege, acquire unauthorized access to data, or gain control of protected resources. This issue is fixed in version 6.6.261."}, {"lang": "es", "value": "Las versiones de Rapid7 InsightVM Console inferiores a 6.6.260 sufren una falla en el mecanismo de protecci\u00f3n mediante el cual un atacante con acceso de red a InsightVM Console puede provocar que se sobrecargue o falle al enviar repetidas solicitudes REST no v\u00e1lidas en un corto per\u00edodo de tiempo al puerto 443 de la consola, lo que provoca que la consola se bloquee. para ingresar a un bucle de registro de manejo de excepciones, agotando la CPU. No hay indicios de que un atacante pueda utilizar este m\u00e9todo para escalar privilegios, adquirir acceso no autorizado a datos u obtener control de recursos protegidos. Este problema se solucion\u00f3 en la versi\u00f3n 6.6.261."}], "lastModified": "2024-09-10T13:53:28.387", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rapid7:insightvm:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03CB4C38-684D-4FB7-9D19-0CD2E29595FF", "versionEndExcluding": "6.6.261"}], "operator": "OR"}]}], "sourceIdentifier": "cve@rapid7.com"}