Critical RCE Flaw in Veeam Console Scores Near-Perfect 9.9 Severity – Patch Now Available

Veeam has patched critical security vulnerabilities in its Service Provider Console (VSPC):

CVE-2024-42448 (CVSS 9.9):
– Enables remote code execution on vulnerable systems
– Affects authorized management agents
– Discovered during internal testing

CVE-2024-42449 (CVSS 7.1):
– Can leak NTLM hash of VSPC server service account
– Allows file deletion on VSPC server

Affected versions:
– VSPC 8.1.0.21377 and earlier
– All versions 7 and 8

Resolution:
– Update to version 8.1.0.21999
– No alternative mitigations available
– Immediate upgrade recommended to prevent potential ransomware attacks
