Low-Privileged Users Can Modify Virtual Infrastructure Configurations, Leading to Vulnerabilities
CVE-2024-42453
8.1 HIGH
What is CVE-2024-42453?
A vulnerability in Veeam Backup & Replication allows users with low privileges to manipulate configurations on virtual infrastructure hosts. This includes actions such as powering off virtual machines and deleting files from storage. The root cause lies in flawed permission checks associated with management services, which can lead to Denial of Service and compromise data integrity. Organizations using Veeam Backup & Replication should assess their permission settings and apply the necessary mitigations.
CVSS V3.1
Score: 8.1
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published