Home > Vulnerability Database > CVE-2024-29008

Mend.io Vulnerability Database

CVE-2024-29008

Good to know:

Date: April 4, 2024

A problem has been identified in the CloudStack additional VM configuration (extraconfig) feature which can be misused by anyone who has privilege to deploy a VM instance or configure settings of an already deployed VM instance, to configure additional VM configuration even when the feature is not explicitly enabled by the administrator. In a KVM based CloudStack environment, an attacker can exploit this issue to attach host devices such as storage disks, and PCI and USB devices such as network adapters and GPUs, in a regular VM instance that can be further exploited to gain access to the underlying network and storage infrastructure resources, and access any VM instance disks on the local storage. Users are advised to upgrade to version 4.18.1.1 or 4.19.0.1, which fixes this issue.

Language: Java

Severity Score

6.4

Related Resources (3)

Url: https://lists.apache.org/thread/82f46pv7mvh95ybto5hn8wlo6g8jhjvp

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-29008

Url: https://www.mend.io/vulnerability-database/CVE-2024-29008

Severity Score

6.4

Weakness Type (CWE)

Input Validation

CWE-20

Top Fix

Upgrade Version

Upgrade to version 4.18.1.1,4.19.0.1

Learn More

CVSS v3.1

Base Score:	6.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-29008

Good to know:

Date: April 4, 2024

Language: Java

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?