Credential Leak Vulnerability Affects Veeam Backup & Replication
CVE-2024-42451

6.5MEDIUM

Key Information:

Vendor

Veeam
Status
Veeam Backup \& Replication
Vendor
CVE Published:
4 December 2024

What is CVE-2024-42451?

A vulnerability in Veeam Backup & Replication allows low-privileged users to leak all saved credentials in plaintext. This is achieved by calling a series of methods over an external protocol, ultimately retrieving the credentials using a malicious setup on the attacker's side. This exposes sensitive data, which could be used for further attacks, including unauthorized access to systems managed by the platform.

References

https://www.veeam.com/kb4693

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

JSON
.
CVE-2024-42451 : Credential Leak Vulnerability Affects Veeam Backup & Replication