Authentication Bypass Vulnerability Affects NTLM Hash of Service Account on VSPC Server
CVE-2024-38650

9.9 CRITICAL

Key Information:

Vendor: Veeam
CVE Published: 7 September 2024

Badges

📰 News Worthy

Summary

An authentication bypass vulnerability exists in the Veeam Service Provider Console that can be exploited by low-privileged attackers. This flaw allows unauthorized access to critical information, specifically the NTLM hash of service accounts. If exploited, this vulnerability could enable attackers to escalate their privileges and compromise the security of the system.

Affected Version(s)

Veeam Service Provider Console 8

News Articles

Veeam fixes several vulnerabilities in its products

Several critical vulnerabilities have been discovered in Veeam Service Provider Console and Veeam Backup & Replication that could allow attackers to gain unauthorized access, execute malicious code, and potentially compromise sensitive data. CVE-2024-38650 with a CVSS score of 9.9 is a vulnerability enab...

5 months ago

CVSS V3.1

Score: 9.9
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • 📰 First article discovered by TheCyberThrone

  • Vulnerability Reserved
