Veeam Reporter Service Vulnerability
CVE-2024-42019

9CRITICAL

Key Information:

Vendor: Veeam
Status: One
Vendor: CVE Published:; 7 September 2024

Summary

This vulnerability permits attackers to gain unauthorized access to the NTLM hash of the service account utilized by the Veeam Reporter Service. Exploitation of this vulnerability requires user interaction, making it essential for administrators and users of Veeam Backup & Replication to remain vigilant. Attackers can leverage data from Veeam Backup & Replication to facilitate an attack, potentially compromising sensitive credentials. Regular updates and security best practices are crucial to mitigate the risks associated with this vulnerability.

Affected Version(s)

One 12.1

References

https://www.veeam.com/kb4649

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Sep 7, 2024
Vulnerability Reserved
Jul 27, 2024