Arbitrary File Removal on VSPC Server
CVE-2024-42449

7.1 HIGH

Key Information:

Vendor: Veeam
CVE Published: 4 December 2024

Summary

A vulnerability within Veeam's VSPC management agent allows authorized management agents to execute unauthorized file deletions on the VSPC server. This capability poses significant security risks, as it can lead to data loss and server instability. Organizations utilizing Veeam solutions should assess their systems for this vulnerability to mitigate potential exploitation and ensure data integrity. Proper access controls and monitoring mechanisms are vital in defending against the unauthorized removal of critical files.

Affected Version(s)

Service Provider Console 8.1

News Articles

Critical Veeam Vulnerabilities (CVE-2024-42448, CVE-2024-42449)

Veeam vulnerabilities in Service Provider Console 8.1, including Remote Code Execution (CVE-2024-42448) and NTLM hash leak (CVE-2024-42449).

Veeam patches bugs in VSPC, one leading to remote code execution

In patching a 9.9 bug and a high-severity flaw, Veeam said the only available remedy is to apply the patches.

Critical Vulnerabilities Found In Veeam Service Provider Console

Two critical vulnerabilities in Veeam Service Provider Console urge immediate attention for security and data protection.

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

CVSS V3.0

Score: 7.1
Severity: HIGH
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • First article discovered by Information Security Buzz

  • Vulnerability published