CVE-2024-30170

CVSS v3 9.1 CRITICAL

9.1^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

P

rivX before 34.0 allows data exfiltration and denial of service via the REST API. This is fixed in minor versions 33.1, 32.3, 31.3, and later, and in major version 34.0 and later,

References

Link	Resource
https://info.ssh.com/improper-input-validation-faq	Exploit Vendor Advisory
https://privx.docs.ssh.com/docs/security	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ssh:privx::::::::
	cpe:2.3:a:ssh:privx::::::::
	cpe:2.3:a:ssh:privx:33.0:::::::*

History

12 Aug 2024, 16:13

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-06 14:16

Updated : 2024-08-12 16:13

NVD link : CVE-2024-30170

Mitre link : CVE-2024-30170

CVE.ORG link : CVE-2024-30170

JSON object : View

Products Affected

privx

CWE

NVD-CWE-noinfo CWE-400

Uncontrolled Resource Consumption

{"id": "CVE-2024-30170", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-08-06T14:16:03.777", "references": [{"url": "https://info.ssh.com/improper-input-validation-faq", "tags": ["Exploit", "Vendor Advisory"], "source": "[email protected]"}, {"url": "https://privx.docs.ssh.com/docs/security", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "PrivX before 34.0 allows data exfiltration and denial of service via the REST API. This is fixed in minor versions 33.1, 32.3, 31.3, and later, and in major version 34.0 and later,"}, {"lang": "es", "value": "PrivX anterior a 34.0 permite la filtraci\u00f3n de datos y la denegaci\u00f3n de servicio a trav\u00e9s de la API REST. Esto se solucion\u00f3 en las versiones menores 33.1, 32.3, 31.3 y posteriores, y en la versi\u00f3n principal 34.0 y posteriores."}], "lastModified": "2024-08-12T16:13:53.803", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ssh:privx:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5CF12CE6-5935-4A27-9358-F323902C9E7A", "versionEndExcluding": "31.3", "versionStartIncluding": "22.0"}, {"criteria": "cpe:2.3:a:ssh:privx:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D2806F5-9289-44BA-A0CF-0A22CE10E81C", "versionEndExcluding": "32.3", "versionStartIncluding": "32.0"}, {"criteria": "cpe:2.3:a:ssh:privx:33.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1328E664-F872-4F77-A8B9-AB9E32D790DC"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}