Low-Privileged User Can Elevate Privileges and Compromise Server
CVE-2024-42452

8.8HIGH

Key Information:

Vendor: Veeam
Status: Veeam Backup \& Replication
Vendor: CVE Published:; 4 December 2024

What is CVE-2024-42452?

A vulnerability exists in Veeam Backup & Replication that enables low-privileged users to remotely initiate agents in server mode and gain system-level access. This exploitation leads to the potential for an attacker to upload files to the server with elevated privileges. The root cause lies in inadequate permission checks during remote calls, which can result in comprehensive system compromise and unauthorized access to sensitive data.

References

https://www.veeam.com/kb4693

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 4, 2024