Remote Code Execution (RCE) Vulnerability in VSPC Management Agent
CVE-2024-42448

9.9CRITICAL

Key Information:

Vendor
Veeam
Status
Service Provider Console
Vendor
CVE Published:
12 December 2024

Badges

📰 News Worthy

Summary

A remote code execution vulnerability exists in the VSPC management agent allowing an authorized agent on the server to execute arbitrary code on the VSPC server machine. This vulnerability can pose significant security risks by enabling unauthorized actions and data exposure on the affected systems.

Affected Version(s)

Service Provider Console 8.1

News Articles

favicon imageHelp Net Security

Week in review: Veeam Service Provider Console flaws fixed, Patch Tuesday forecast - Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Veeam plugs serious holes in Service Provider Console

1 month ago

favicon imageThe Cyber Express

Critical Veeam Vulnerabilities (CVE-2024-42448, CVE-2024-42449)

Veeam vulnerabilities in Service Provider Console 8.1, including Remote Code Execution (CVE-2024-42448) and NTLM hash leak (CVE-2024-42449).

1 month ago

favicon imageSC Media

Veeam patches bugs in VSPC, one leading to remote code execution

In patching a 9.9 bug and a high-severity flaw, Veeam said the only available remedy is to apply the patches.

1 month ago

References

https://www.veeam.com/kb4679

CVSS V3.1

Score:
9.9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • 📰

    First article discovered by The Hacker News

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database6 News Article(s)
.