CVE-2024-21545

Summary

CVE-2024-21545 affects the Proxmox Virtual Environment, an open-source server management platform. The vulnerability arises from inadequate safeguards against malicious API responses, allowing authenticated users with 'Sys.Audit' or 'VM.Monitor' privileges to read arbitrary host files via API endpoints. This could lead to severe consequences for organizations, including the disclosure of sensitive files and potential session forgery. To remediate this vulnerability, it is crucial for organizations to apply the recommended updates and implement stricter checks on API response values. The CVSS base score for this vulnerability is 8.2, indicating a high severity level with significant confidentiality and integrity impacts.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.