Remote File Removal Vulnerability in System
CVE-2024-39718

8.1HIGH

Key Information:

Vendor: Veeam
Status: Backup And Recovery
Vendor: CVE Published:; 7 September 2024

Summary

An improper input validation vulnerability exists in Veeam Backup & Replication software, allowing low-privileged users to exploit this flaw to remotely delete files on the system. The issue stems from insufficient validation of input data, leading to unauthorized actions with the same permissions as the service account. Users of affected versions are urged to review their security settings and apply necessary mitigations.

Affected Version(s)

Backup and Recovery 12.1.2

References

https://www.veeam.com/kb4649

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 7, 2024
Vulnerability Reserved
Jun 28, 2024