The recently discovered vulnerabilities in Veeam Service Provider Console, tracked as CVE-2024-42448 and CVE-2024-42449, have been classified as critical and high severity. If exploited, these vulnerabilities could severely undermine system integrity and operational security, jeopardising sensitive data and backup operations.

CVE-2024-42448

From the VSPC management agent machine, under the condition that the management agent is authorized on the server, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine. This means attackers can execute arbitrary code remotely, effectively taking control of the server. With such access, they could carry out further attacks, exfiltrate sensitive data, or entirely disrupt the backup and recovery processes critical to business continuity.

Severity: Critical
CVSS v3.1 Score: 9.9

CVE-2024-42449

From the VSPC management agent machine, under the condition that the management agent is authorized on the server, it is possible to leak an NTLM hash of the VSPC server service account and delete files on the VSPC server machine. These hashes could be used to escalate privileges within the system, granting attackers unauthorized access to critical resources.

Severity: High
CVSS v3.1 Score: 
7.1

Which versions are affected:

This vulnerability affects Veeam Service Provider Console 8.1.0.21377 and all earlier versions 8 and 7 builds.

Veeam has noted that unsupported product versions, although not explicitly tested, are likely impacted and should be treated as vulnerable. Using outdated or unpatched software may leave your systems vulnerable to malicious attacks.

Recommended immediate actions:

There are currently no mitigations in place. Veeam have advised that the only way to patch this vulnerability is to upgrade to their latest Veeam Service Provider Console 8.1 Builds, which in this case is: 8.1.0.21999 , which patches both vulnerabilities.

For more information:

Please read Veeam’s advisory page for more information on the two mentioned vulnerabilities and patch instructions: KB4679

If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively Get in touch to find out how you can protect your organisation.  

Contact Us