CVE-2024-42448
In short
A flaw in the Veeam Service Provider Console (VSPC) server allows an authorized management agent to execute arbitrary code remotely on the server machine. This is critical because it gives attackers complete control over the VSPC system if they compromise the management agent.
Technical detail
CWE-94 (Improper Control of Generation of Code) enables Remote Code Execution when an authenticated management agent communicates with the VSPC server. The vulnerability requires prior authorization of the management agent on the server; exploitation results in arbitrary code execution with server-level privileges.
Summary generated and translated by AI from the official description.
From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine.
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected products
Veeam · Service Provider Console
Public PoCs found — 1
GitHub: github.com/h3lye/CVE-2024-42448-RCE (★ 0)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
https://www.veeam.com/kb4679