Vulnerabilities > CVE-2024-30170 - Unspecified vulnerability in SSH Privx

CVSS 9.1 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

ssh

critical

NVD

Published: 2024-08-06

Updated: 2024-08-12

Summary

PrivX before 34.0 allows data exfiltration and denial of service via the REST API. This is fixed in minor versions 33.1, 32.3, 31.3, and later, and in major version 34.0 and later,

Vulnerable Configurations

Part	Description	Count
Application	Ssh SSH Privx 33.0 SSH Privx 32.0 SSH Privx 32.1 SSH Privx 32.1.1 SSH Privx 32.2 SSH Privx 22.0 SSH Privx 23.0 SSH Privx 24.0 SSH Privx 25.0 SSH Privx 26.0 SSH Privx 27.0 SSH Privx 28.0 SSH Privx 29.0 SSH Privx 30.0 SSH Privx 31.0	15

References

https://privx.docs.ssh.com/docs/security
https://info.ssh.com/improper-input-validation-faq