Arbitrary File Upload Vulnerability Affects VSPC Server
CVE-2024-39714

9.9CRITICAL

Key Information:

Vendor: Veeam
Status: Veeam Service Provider Console
Vendor: CVE Published:; 7 September 2024

Summary

A vulnerability exists within the VSPC server that allows a low-privileged user to execute a code injection attack by uploading arbitrary files to the server. This can lead to unauthorized remote code execution, posing significant security risks for affected systems. Proper safeguards and user permission management are essential to mitigate this vulnerability and protect the integrity of the VSPC server.

Affected Version(s)

Veeam Service Provider Console 8

References

https://www.veeam.com/kb4649

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Sep 7, 2024
Vulnerability Reserved
Jun 28, 2024