CVE-2024-42449

CVSS 7.1 HIGHEPSS 5.4%CWE-732

In short

A vulnerability in VSPC allows an authorized management agent to delete any files on the VSPC server, potentially causing data loss or system disruption.

Technical detail

CWE-732 (Improper Permission Assignment): An authenticated management agent can perform arbitrary file deletion on the VSPC server due to insufficient access controls. This requires prior authorization of the agent on the server and direct network access from the management agent machine.

Summary generated and translated by AI from the official description.

From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to remove arbitrary files on the VSPC server machine.

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Affected products

Veeam · Service Provider Console

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.veeam.com/kb4679