CVE-2024-42448 (CVSS 9.9): Critical RCE Vulnerability in Veeam VSPC
Veeam Software, a prominent provider of backup and disaster recovery solutions, has released security updates for two vulnerabilities in its Service Provider Console (VSPC). The more serious of the two, CVE-2024-42448, carries a CVSS score of 9.9 and could allow a remote attacker to execute arbitrary code on the VSPC server.
VSPC is a centralized management platform used by service providers to oversee and maintain their clients' backup and disaster recovery operations. It supports a variety of workloads, including virtual machines, Microsoft 365 data, and public cloud environments.
Vulnerability Details:
CVE-2024-42448 (CVSS 9.9): A critical remote code execution vulnerability. Code can be executed on the VSPC server from a management agent machine, provided that agent is already authorized on the server. Because management agents are deployed on the managed (tenant) side, this turns the agent-to-server trust relationship into an attack path: an attacker who controls one authorized agent can gain complete control over the provider's VSPC server, jeopardizing customer data and disrupting backup and recovery operations for every tenant it manages.
CVE-2024-42449 (CVSS 7.1): A high-severity vulnerability with the same precondition (an authorized management agent). It allows an attacker to leak the NTLM hash of the VSPC server's service account and to delete files on the VSPC server. The leaked hash can be used in relay or offline cracking attempts to escalate privileges and further compromise the environment.
Affected Versions:
These vulnerabilities affect Veeam Service Provider Console version 8.1.0.21377 and all earlier builds of the version 8 and version 7 release lines. Unsupported product versions were not explicitly tested, but Veeam advises that they should be considered vulnerable.
Mitigation:
Veeam has addressed both vulnerabilities in Service Provider Console version 8.1.0.21999. The company strongly urges all service providers running supported versions of VSPC to apply this cumulative patch immediately. Service providers on unsupported versions should upgrade to the latest version of VSPC, since no fix is available for their release line. Because exploitation requires an authorized management agent, providers should also treat the security of tenant-side agent machines as part of the VSPC server's attack surface, and review agent authorizations for agents that are no longer expected to be active.
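The only concrete check a practitioner can run from this advisory is a build-number comparison. The following is an added example, not Veeam code, that classifies VSPC build strings against the fixed build 8.1.0.21999 and applies the advisory's rule that unsupported (pre-7) versions should be treated as vulnerable. The hostnames and version strings in the inventory are constructed sample data; how you collect real version strings (VSPC's own UI, your CMDB, or a software inventory tool) is outside what this page describes.

```python
"""Classify Veeam Service Provider Console build numbers against the fix for
CVE-2024-42448 / CVE-2024-42449.

Added example, not Veeam's code. The fixed build (8.1.0.21999) and the rule
that unsupported versions should be assumed vulnerable come from the advisory
text above; the inventory below is constructed sample data.
"""

from typing import List, NamedTuple, Optional, Tuple

# Build that contains the fixes, per the advisory.
FIXED_BUILD: Tuple[int, int, int, int] = (8, 1, 0, 21999)
# Versions 7 and 8 are the supported lines named in the advisory; anything
# older is unsupported and, per Veeam, should be considered vulnerable.
OLDEST_SUPPORTED_MAJOR = 7


class Verdict(NamedTuple):
    host: str
    version: str
    status: str  # "patched", "vulnerable", "unsupported" or "unparseable"


def parse_build(version: str) -> Optional[Tuple[int, ...]]:
    """Parse a four-part 'a.b.c.d' VSPC build string into a tuple of ints.

    Returns None for anything that is not exactly four numeric components, so
    junk inventory entries are surfaced instead of silently compared as 0.0.0.0.
    """
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(host: str, version: str) -> Verdict:
    """Decide what a single VSPC server needs based on its build number."""
    build = parse_build(version)
    if build is None:
        return Verdict(host, version, "unparseable")
    if build[0] < OLDEST_SUPPORTED_MAJOR:
        # Not tested by Veeam but to be treated as vulnerable; needs a full upgrade.
        return Verdict(host, version, "unsupported")
    # Tuple comparison is lexicographic, so 8.1.0.21999 and anything newer
    # (including a future 8.2.x or 9.x) counts as patched.
    if build >= FIXED_BUILD:
        return Verdict(host, version, "patched")
    return Verdict(host, version, "vulnerable")


def hosts_needing_action(inventory: List[Tuple[str, str]]) -> List[Verdict]:
    """Return every host that is not confirmed patched.

    Unparseable entries are deliberately kept in the list: an inventory line
    you cannot read is not evidence that the server is fixed.
    """
    return [v for v in (classify(h, ver) for h, ver in inventory)
            if v.status != "patched"]


# Constructed sample inventory (hostnames and builds are made up for illustration).
SAMPLE_INVENTORY: List[Tuple[str, str]] = [
    ("vspc-prod-01", "8.1.0.21377"),   # last vulnerable 8.1 build named above
    ("vspc-prod-02", "8.1.0.21999"),   # fixed build
    ("vspc-lab-01", "8.0.0.19246"),    # older 8.0 build, vulnerable
    ("vspc-legacy-01", "7.0.0.13030"), # version 7 line, vulnerable
    ("vspc-old-dr", "6.0.0.7739"),     # unsupported line
    ("vspc-unknown", "n/a"),           # bad inventory data
]

if __name__ == "__main__":
    for verdict in hosts_needing_action(SAMPLE_INVENTORY):
        print(f"{verdict.host:16} {verdict.version:14} {verdict.status}")
```

The comparison is done on integer tuples rather than on the raw strings, because a string comparison would rank "8.1.0.9999" above "8.1.0.21999"; the four-part build number is what Veeam's advisory uses to name both the last vulnerable build and the fix, so that is the unit of comparison here.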