CVE-2024-42448 (CVSS 9.9):
– Enables remote code execution on vulnerable systems
– Affects authorized management agents
– Discovered during internal testing
CVE-2024-42449 (CVSS 7.1):
– Can leak NTLM hash of VSPC server service account
– Allows file deletion on VSPC server
Affected versions:
– VSPC 8.1.0.21377 and earlier
– All versions 7 and 8
Resolution:
– Update to version 8.1.0.21999
– No alternative mitigations available
– Immediate upgrade recommended to prevent potential ransomware attacks