Description
A vulnerability exists where a low-privileged user can exploit insufficient permissions in credential handling to leak NTLM hashes of saved credentials. The exploitation involves using retrieved credentials to expose sensitive NTLM hashes, impacting systems beyond the initial target and potentially leading to broader security vulnerabilities.
CVSS Metrics
- Vector
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- Attack Vector
- network
- Complexity
- low
- Privileges
- low
- User Action
- none
- Scope
- unchanged
- Confidentiality
- low
- Integrity
- none
- Availability
- none
- Weaknesses
- CWE-863
Metadata
- Primary Vendor
- VEEAM
- Published
- 12/4/2024
- Last Modified
- 4/24/2025
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
veeam : veeam_backup_\&_replication
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.