Remote Code Execution Vulnerability in Veeam ONE Agent
CVE-2024-42024

9.1CRITICAL

Key Information:

Vendor: Veeam
Status: One
Vendor: CVE Published:; 7 September 2024

Summary

A vulnerability exists in the Veeam ONE Agent that permits an attacker with access to the service account credentials to execute arbitrary code remotely on the targeted machine. This exploitation can lead to unauthorized access and control over the affected system. Organizations utilizing Veeam ONE Agent are advised to apply recommended security measures to mitigate the risks associated with this vulnerability, ensuring that service account credentials are adequately protected.

Affected Version(s)

One 12.1

References

https://www.veeam.com/kb4649

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Sep 7, 2024
Vulnerability Reserved
Jul 27, 2024