Low-Privileged User Vulnerability Allows Unauthorized Access and Privileged Method Initiation
CVE-2024-42456
8.8 HIGH
What is CVE-2024-42456?
A vulnerability in the Veeam Backup & Replication platform lets low-privileged users exploit a method that alters key configuration settings, because the method has improper permission requirements. Through this flaw, such users can modify the trusted client certificate used for authentication, which allows unauthorized access. Exploiting the issue can enable low-privileged users to invoke sensitive methods and start essential services, posing significant security risks to the backup infrastructure.
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published