Low-Privileged User Can Elevate Privileges and Compromise Server
CVE-2024-42452

Currently unrated

Key Information:

Vendor
Veeam
Vendor
CVE Published:
4 December 2024

Summary

A vulnerability in Veeam Backup & Replication allows a low-privileged user to start an agent remotely in server mode and obtain credentials, effectively escalating privileges to system-level access. This allows the attacker to upload files to the server with elevated privileges. The vulnerability exists because remote calls bypass permission checks, leading to full system compromise.

References

https://www.veeam.com/kb4693

Timeline

  • Vulnerability published

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.