Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2024-21545

Disclosure Date: September 25, 2024
CVE-2024-21545
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Proxmox Virtual Environment is an open-source server management platform for enterprise virtualization. Insufficient safeguards against malicious API response values allow authenticated attackers with ‘Sys.Audit’ or ‘VM.Monitor’ privileges to download arbitrary host files via the API.
When handling the result from a request handler before returning it to the user, the handle_api2_request function will check for the ‘download’ or ‘data’->’download’ objects inside the request handler call response object. If present, handle_api2_request will read a local file defined by this object and return it to the user.
Two endpoints were identified which can control the object returned by a request handler sufficiently that the ’download’ object is defined and user controlled. This results in arbitrary file read.
The privileges of this file read can result in full compromise of the system by various impacts such as disclosing sensitive files allowing for privileged session forgery.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
pve-manager 7.4-19
pve-manager 8.2.7
libpve-storage-perl 7.4-4
libpve-storage-perl 8.2.5
libpve-http-server-perl 4.3.0
libpve-http-server-perl 5.1.1
pmg-api 7.3-12
pmg-api 8.1.4
libpve-common-perl (Promox VE 8) 8.2.3
libpve-common-perl (Promox Mail Gateway 8) 8.2.5
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • Proxmox

Products

  • pve-manager,
  • libpve-storage-perl,
  • libpve-http-server-perl,
  • pmg-api,
  • libpve-common-perl (Promox VE 8),
  • libpve-common-perl (Promox Mail Gateway 8)

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis