Potential for DLL Injection Vulnerabilities in Veeam Agent for Windows
CVE-2024-45207

Currently unrated

Key Information:

Vendor: Veeam
Status: Veeam Agent For Windows
Vendor: CVE Published:; 4 December 2024

What is CVE-2024-45207?

DLL injection in Veeam Agent for Windows can occur if the system's PATH variable includes insecure locations. When the agent runs, it searches these directories for necessary DLLs. If an attacker places a malicious DLL in one of these directories, the Veeam Agent might load it inadvertently, allowing the attacker to execute harmful code. This could lead to unauthorized access, data theft, or disruption of services

References

https://www.veeam.com/kb4693

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 4, 2024