Veeam Addresses Critical Remote Code Execution Vulnerability in Service Provider Console

December 3, 2024

Veeam has issued security updates to fix two vulnerabilities in its Service Provider Console (VSPC), one of which is a critical remote code execution (RCE) bug. VSPC is the platform service providers use to monitor the health and security of customer backups and to manage Veeam-protected workloads.

The first flaw (CVE-2024-42448) carries a severity score of 9.9/10 and could let an attacker who controls a VSPC management agent machine execute arbitrary code on the unpatched VSPC server. Veeam has also resolved a high-severity vulnerability (CVE-2024-42449) that could allow an attacker on a management agent machine to leak the NTLM hash of the VSPC server service account and to delete files on the VSPC server.

It is important to note that both vulnerabilities can only be exploited if the management agent is authorized on the targeted VSPC server, so the attacker must already control an enrolled agent host. The flaws affect VSPC 8.1.0.21377 and all earlier version 8 and version 7 builds. Unsupported product versions are also likely affected and should be considered vulnerable.

Veeam has urged service providers running supported versions of Veeam Service Provider Console (versions 7 and 8) to update to the latest cumulative patch; the fix ships in build 8.1.0.21999. Those on unsupported versions are strongly encouraged to upgrade to the latest version of Veeam Service Provider Console.
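The advisory is expressed as a build cutoff, so the practical question for a service provider is whether each VSPC server's build predates 8.1.0.21999. The following triage helper is an added example written for this article, not Veeam's own code or tooling: it parses dotted build strings and compares them numerically, because a plain string comparison ranks "8.1.0.9" above "8.1.0.21999" and would mark a vulnerable server as patched. The fixed build number comes from Veeam's advisory; the inventory, hostnames and the version 7 and version 6 build numbers below are constructed for illustration.

```python
"""Triage helper for the Veeam Service Provider Console advisory.

Added example, not Veeam's code. Decides whether an installed VSPC build is
affected by CVE-2024-42448 / CVE-2024-42449 by comparing the build string
numerically against the first fixed build (8.1.0.21999, from Veeam's advisory).
The sample inventory at the bottom is constructed, not real data.
"""
from typing import List, Tuple

FIXED_BUILD = "8.1.0.21999"          # first VSPC build carrying the fix
LAST_AFFECTED_BUILD = "8.1.0.21377"  # highest build named as affected


def parse_build(version: str) -> Tuple[int, ...]:
    """Turn '8.1.0.21377' into (8, 1, 0, 21377) so comparisons are numeric.

    Lexicographic comparison of the raw strings would rank '8.1.0.9' above
    '8.1.0.21999', which is exactly the mistake that makes a vulnerable
    server look patched.
    """
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric build string: {version!r}")
    return tuple(int(p) for p in parts)


def is_affected(version: str) -> bool:
    """True when the build predates the fixed build.

    Every version 7 and version 8 build below 8.1.0.21999 is affected per the
    advisory. Older, unsupported major versions compare lower as well and are
    therefore reported as affected, matching Veeam's guidance to treat them
    as vulnerable.
    """
    return parse_build(version) < parse_build(FIXED_BUILD)


def triage(inventory: List[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Label each (hostname, build) pair as 'patch', 'ok' or 'unknown'."""
    results = []
    for host, build in inventory:
        try:
            status = "patch" if is_affected(build) else "ok"
        except ValueError:
            status = "unknown"  # malformed version string; inspect manually
        results.append((host, build, status))
    return results


# Constructed sample inventory: hostnames are made up, and the version 7 and
# version 6 build numbers are hypothetical placeholders, not real Veeam builds.
SAMPLE_INVENTORY = [
    ("vspc-prod-01", "8.1.0.21377"),  # last affected build named in the advisory
    ("vspc-prod-02", "8.1.0.21999"),  # the fixed build
    ("vspc-lab-01", "7.0.0.13231"),   # hypothetical version 7 build
    ("vspc-old-01", "6.0.0.7739"),    # hypothetical unsupported build
    ("vspc-odd-01", "8.1.0.9"),       # shows why string comparison is wrong
    ("vspc-bad-01", "n/a"),           # malformed entry from an inventory export
]

if __name__ == "__main__":
    for host, build, status in triage(SAMPLE_INVENTORY):
        print(f"{host:14} {build:14} {status}")
```

Feed it the build strings from your own inventory system; anything reported as "unknown" needs a manual look rather than being assumed safe.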

In light of recent exploitation of Veeam vulnerabilities, it is crucial to patch vulnerable servers promptly. Last month, Sophos X-Ops incident responders revealed that an RCE flaw (CVE-2024-40711) in Veeam's Backup & Replication (VBR) software, disclosed in September, was being exploited to deploy Frag ransomware. The same vulnerability has also been used to gain remote code execution on vulnerable VBR servers in Akira and Fog ransomware attacks.

With over 550,000 customers worldwide, including 74% of the Global 2000 and 82% of the Fortune 500, Veeam's products are widely deployed, so prompt patching of these vulnerabilities matters to a large number of businesses.
