Critical Vulnerability CVE-2024-21545 Identified in Proxmox VE

🔍 Critical Vulnerability Discovered in Proxmox VE 8.2.2. Security Labs identified CVE-2024-21545 in Proxmox VE 8.2.2, allowing authenticated attackers to gain full control over the system. The vulnerability stems from the API handling code, which can be exploited through two vectors, enabling unauthorized access to sensitive files like /etc/shadow. Proxmox addressed this issue on September 23, 2024, as part of their regular update cycle, also fixing similar vulnerabilities in Proxmox Mail Gateway. The research highlights the importance of scrutinizing API request routers, which can harbor vulnerabilities that may not be immediately apparent. Proxmox’s prompt response to the report demonstrates their commitment to security.

Source

Original