FlagThis

Veeam has urgently released patches to address critical vulnerabilities in its Service Provider Console (VSPC), a key management platform for backup and recovery services. The most severe vulnerability, CVE-2024-42448, carries a CVSS score of 9.9, indicating a near-perfect potential for exploitation. This critical remote code execution (RCE) flaw allows attackers to gain complete control of affected VSPC servers, potentially jeopardizing sensitive customer data and disrupting crucial backup and recovery operations. The vulnerability was discovered during internal testing and affects Veeam Service Provider Console versions 8.1.0.21377 and all earlier versions of builds 7 and 8.

A second, high-severity vulnerability (CVE-2024-42449, CVSS score 7.1) is also addressed in the patch. This flaw allows attackers to leak NTLM hashes of the VSPC server service account and delete files on the server, further escalating the potential damage. Both vulnerabilities are exploitable via authorized management agents, emphasizing the importance of robust security measures even within trusted environments. Veeam strongly advises all users to immediately upgrade to version 8.1.0.21999 to mitigate these risks. There are no mitigations available; updating to the latest version is the only solution.

Given the critical nature of VSPC in managing client backups and the potential for ransomware deployment using vulnerabilities in Veeam products, immediate action is crucial. The high CVSS scores highlight the extreme severity of these flaws, making swift patching essential for all affected organizations. The ease of exploitation, leveraging already-authorized management agents, underscores the importance of regular security updates and proactive vulnerability management. Failure to patch could lead to significant data breaches and business disruption.

ImgSrc: www.csoonline.com

References:

• Vulnerability Archives ? Cybersecurity News - Details on CVE-2024-42448: Critical RCE vulnerability in Veeam VSPC. - 26d
• The Hacker News - Veeam addresses a critical flaw in VSPC that could lead to remote code execution. - 26d
• Security Archives - Security Affairs - Veeam addressed a critical vulnerability in Service Provider Console (VSPC) that could allow remote attackers to execute arbitrary code. - 26d
• Malware Analysis, News and Indicators - Latest topics - Veeam Service Provider Console (VSPC) Users Urged to Patch CVE-2024-42448 and CVE-2024-42449. - 26d
• @heiseonlineenglish - Veeam Service Provider Console: Critical vulnerability threatens client backups - 26d
• VMware offers fixes to severe vulnerabilities in VMware Aria | CSO Online - Veeam issues patch for critical RCE bug - 26d
• SOCRadar? Cyber Intelligence Inc. - SOCRadar's report on the Veeam VSPC vulnerability. - 26d
• www.heise.de - Veeam Service Provider Console: Critical vulnerability threatens client backups. - 26d
• www.veeam.com - Security advisory concerning two vulnerabilities in Veeam's Service Provider Console. - 26d
• @screaminggoat - Veeam security advisory 03 December 2024: CVE-2024-42448 ( 9.9 critical ) remote code execution CVE-2024-42449 (7.1 high) NTLM hash leak of the VSPC service account and file deletion No mention of exp - 26d
• Information Security Buzz - Details about the critical vulnerabilities found in Veeam Service Provider Console (VSPC) and the urgent need for users to update their systems. - 26d
• Vulnerabilities ? The Cyber Express - Article discussing the critical vulnerabilities in Veeam Service Provider Console, emphasizing the risk of remote code execution. - 25d

Classification:

• HashTags: Veeam RCE CriticalVulnerability
• Company: Veeam
• Target: Veeam VSPC users
• Product: Veeam VSPC
• Feature: Service Provider Console
• Type: Vulnerability
• Severity: Major