CVE-2024-21545
CVSS 3.1 Score 8.2 of 10 (high)
Details
Summary
CVE-2024-21545 is a vulnerability affecting Proxmox Virtual Environment, an open-source server management platform. Insufficient safeguards against malicious API response values allow authenticated attackers with 'Sys.Audit' or 'VM.Monitor' privileges to download arbitrary host files. The handle_api2_request function checks the response of a request handler call for a 'download' or 'data'->'download' object and, if one is present, reads the corresponding local file, so a handler response that a user can influence becomes a user-controlled file read. Two identified endpoints can manipulate the object returned by a request handler, leading to arbitrary file read, potentially resulting in full system compromise due to the privileges associated with the files.
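The pattern described in the summary, as an added example: a simplified Python model written for this page, not Proxmox code and not the vendor's fix. It contrasts a response layer that obeys a 'download' object found inside handler data with one that requires an explicit marker type and confines reads to one directory. The names `FileDownload`, `respond_vulnerable`, `respond_hardened`, `passthrough_handler`, `spool_dir` and the `"path"` field are assumptions.

```python
import os
import tempfile

class FileDownload:
    """Out-of-band marker: only handler code can build one, parsed data cannot."""
    def __init__(self, path):
        self.path = path

def respond_vulnerable(result):
    """Flawed pattern: a 'download' key found in the handler result is obeyed."""
    dl = None
    if isinstance(result, dict):
        dl = result.get("download")
        if dl is None and isinstance(result.get("data"), dict):
            dl = result["data"].get("download")
    if isinstance(dl, dict) and "path" in dl:  # "path" field name is assumed
        with open(dl["path"], "rb") as fh:
            return ("file", fh.read())
    return ("json", result)

def respond_hardened(result, spool_dir):
    """Only an explicit FileDownload triggers a read, confined to spool_dir."""
    if isinstance(result, FileDownload):
        real, root = os.path.realpath(result.path), os.path.realpath(spool_dir)
        if os.path.commonpath([real, root]) != root:
            raise PermissionError("download outside spool directory")
        with open(real, "rb") as fh:
            return ("file", fh.read())
    return ("json", result)  # dict keys are never interpreted as instructions

def passthrough_handler(backend_reply):
    """Hypothetical handler relaying a reply it does not fully control."""
    return {"data": backend_reply}

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        spool = os.path.join(tmp, "spool")
        os.mkdir(spool)
        secret = os.path.join(tmp, "host-secret")  # constructed sensitive file
        with open(secret, "wb") as fh:
            fh.write(b"s3cret")
        reply = {"download": {"path": secret}}  # constructed hostile value
        result = passthrough_handler(reply)
        return respond_vulnerable(result), respond_hardened(result, spool)[0]

if __name__ == "__main__":
    print(demo())
```

The vulnerable responder returns the file's bytes for the relayed value, while the hardened one serialises the same value as ordinary JSON.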