CVE-2024-5813

A medium severity vulnerability in BIPS has been identified where an authenticated attacker with high privileges can access the SSH private keys via an information leak in the server response.

CVSS v3 5.9 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.7 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.beyondtrust.com/trust-center/security-advisories/bt24-08	Vendor Advisory
https://www.beyondtrust.com/trust-center/security-advisories/bt24-08	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:beyondtrust:beyondinsight_password_safe:*:*:*:*:*:*:*:*

History

11 Feb 2025, 21:36

Type	Values Removed	Values Added
CPE		cpe:2.3:a:beyondtrust:beyondinsight_password_safe::::::::
CWE		NVD-CWE-noinfo
First Time		Beyondtrust Beyondtrust beyondinsight Password Safe
References	~~() https://www.beyondtrust.com/trust-center/security-advisories/bt24-08 -~~	() https://www.beyondtrust.com/trust-center/security-advisories/bt24-08 - Vendor Advisory

21 Nov 2024, 09:48

Type	Values Removed	Values Added
References	~~() https://www.beyondtrust.com/trust-center/security-advisories/bt24-08 -~~	() https://www.beyondtrust.com/trust-center/security-advisories/bt24-08 -

13 Jun 2024, 18:36

Type	Values Removed	Values Added
Summary		(es) Se ha identificado una vulnerabilidad de gravedad media en BIPS donde un atacante autenticado con altos privilegios puede acceder a las claves privadas SSH a través de una fuga de información en la respuesta del servidor.

11 Jun 2024, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-06-11 16:15

Updated : 2025-02-11 21:36

NVD link : CVE-2024-5813

Mitre link : CVE-2024-5813

CVE.ORG link : CVE-2024-5813

JSON object : View

Products Affected

beyondtrust

beyondinsight_password_safe

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

NVD-CWE-noinfo

{"id": "CVE-2024-5813", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "13061848-ea10-403d-bd75-c83a022c2891", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 0.7}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.2}]}, "published": "2024-06-11T16:15:29.480", "references": [{"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-08", "tags": ["Vendor Advisory"], "source": "13061848-ea10-403d-bd75-c83a022c2891"}, {"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-08", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "13061848-ea10-403d-bd75-c83a022c2891", "description": [{"lang": "en", "value": "CWE-200"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "A medium severity vulnerability in BIPS has been identified where an authenticated attacker with high privileges can access the SSH private keys via an information leak in the server response."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad de gravedad media en BIPS donde un atacante autenticado con altos privilegios puede acceder a las claves privadas SSH a trav\u00e9s de una fuga de informaci\u00f3n en la respuesta del servidor."}], "lastModified": "2025-02-11T21:36:40.947", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:beyondtrust:beyondinsight_password_safe:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16A3910D-694D-47F7-B068-7B2089358D73", "versionEndExcluding": "23.3.0.929", "versionStartIncluding": "23.3"}], "operator": "OR"}]}], "sourceIdentifier": "13061848-ea10-403d-bd75-c83a022c2891"}

5.9 /10