{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-30170", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-06T15:34:17.270Z", "dateReserved": "2024-03-24T00:00:00", "datePublished": "2024-08-06T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-08-06T13:53:33.094319"}, "descriptions": [{"lang": "en", "value": "PrivX before 34.0 allows data exfiltration and denial of service via the REST API. This is fixed in minor versions 33.1, 32.3, 31.3, and later, and in major version 34.0 and later,"}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://privx.docs.ssh.com/docs/security"}, {"url": "https://info.ssh.com/improper-input-validation-faq"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-400", "lang": "en", "description": "CWE-400 Uncontrolled Resource Consumption"}]}], "affected": [{"vendor": "privx", "product": "privx", "cpes": ["cpe:2.3:a:privx:privx:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "34.0", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-08-06T15:31:39.389503Z", "id": "CVE-2024-30170", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-06T15:34:17.270Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-30170", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-06T15:31:39.389503Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:privx:privx:*:*:*:*:*:*:*:*"], "vendor": "privx", "product": "privx", "versions": [{"status": "affected", "version": "0", "lessThan": "34.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-06T15:34:08.637Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://privx.docs.ssh.com/docs/security"}, {"url": "https://info.ssh.com/improper-input-validation-faq"}], "descriptions": [{"lang": "en", "value": "PrivX before 34.0 allows data exfiltration and denial of service via the REST API. This is fixed in minor versions 33.1, 32.3, 31.3, and later, and in major version 34.0 and later,"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-08-06T13:53:33.094319"}}}, "cveMetadata": {"cveId": "CVE-2024-30170", "state": "PUBLISHED", "dateUpdated": "2024-08-06T15:34:17.270Z", "dateReserved": "2024-03-24T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-08-06T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ssh:privx:*:*:*:*:*:*:*:*", "matchCriteriaId": "5CF12CE6-5935-4A27-9358-F323902C9E7A", "versionEndExcluding": "31.3", "versionStartIncluding": "22.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ssh:privx:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D2806F5-9289-44BA-A0CF-0A22CE10E81C", "versionEndExcluding": "32.3", "versionStartIncluding": "32.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ssh:privx:33.0:*:*:*:*:*:*:*", "matchCriteriaId": "1328E664-F872-4F77-A8B9-AB9E32D790DC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "PrivX before 34.0 allows data exfiltration and denial of service via the REST API. This is fixed in minor versions 33.1, 32.3, 31.3, and later, and in major version 34.0 and later,"}, {"lang": "es", "value": "PrivX anterior a 34.0 permite la filtraci\u00f3n de datos y la denegaci\u00f3n de servicio a trav\u00e9s de la API REST. Esto se solucion\u00f3 en las versiones menores 33.1, 32.3, 31.3 y posteriores, y en la versi\u00f3n principal 34.0 y posteriores."}], "id": "CVE-2024-30170", "lastModified": "2024-08-12T16:13:53.803", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-08-06T14:16:03.777", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "https://info.ssh.com/improper-input-validation-faq"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://privx.docs.ssh.com/docs/security"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-400"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}