RCE Vulnerability in Veeam Service Provider Console Allows Attackers to Execute Arbitrary Code
Veeam, a leading technology company in data backup and system recovery, has recently identified two significant vulnerabilities in its Service Provider Console (VSPC) software. Among these, a critical Remote Code Execution (RCE) vulnerability poses a severe threat to system security. These vulnerabilities could compromise system integrity and put sensitive data at risk.
Key Vulnerability Details
CVE-2024-42448: Remote Code Execution (RCE)
- Severity: Critical (CVSS 9.9/10).
- Impact: If the management agent is authorized on the server, an attacker can execute arbitrary commands on the VSPC server.
- Threat: It poses a significant risk to the security and integrity of the system.
CVE-2024-42449: NTLM Hash Theft and File Deletion
- Severity: High (CVSS 7.1/10).
- Impact: Attackers could steal the NTLM hash of the VSPC server service account or delete files on the VSPC server.
- Limitation: This vulnerability can only be exploited if the management agent is authorized on the targeted server.
Affected Versions
These vulnerabilities affect VSPC version 8.1.0.21377 and all earlier versions (including version 8 and 7 builds).
While unsupported versions were not tested, Veeam warns that they are likely vulnerable and strongly recommends upgrading.
Recommendations
Veeam has released an update to address these vulnerabilities. The only effective solution is to install the patched version, Veeam Service Provider Console 8.1.0.21999.
- Apply the update as soon as possible.
- Upgrade outdated versions. Users running unsupported versions are strongly advised to migrate to the latest version.
- Monitor systems continuously. Enable security monitoring to detect and prevent potential attacks.
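One way to triage an inventory of VSPC build numbers against the two builds named above, as an added example that is not from Veeam or the original article. The host names and sample builds are constructed, and treating major versions below 7 as the untested, unsupported ones is an assumption.

```python
"""Triage VSPC build numbers against the builds named in this advisory."""
from typing import Dict, Tuple

LAST_AFFECTED = (8, 1, 0, 21377)  # advisory: this build and all earlier ones
FIXED = (8, 1, 0, 21999)          # advisory: patched release
OLDEST_NAMED_MAJOR = 7            # assumption: majors below 7 are the
                                  # unsupported, untested versions


def parse_build(text: str) -> Tuple[int, ...]:
    """Parse 'a.b.c.d' into a tuple of ints; ValueError on anything else."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a four-part build number: {text!r}")
    return tuple(int(p) for p in parts)


def classify(text: str) -> str:
    """Map one build string to a triage status."""
    try:
        build = parse_build(text)
    except ValueError:
        return "unparseable"        # fix the inventory record, then re-run
    if build >= FIXED:
        return "patched"
    if build[0] < OLDEST_NAMED_MAJOR:
        return "unsupported-likely-vulnerable"
    if build <= LAST_AFFECTED:
        return "vulnerable"
    # Between the last affected build and the fix: the advisory does not
    # cover it, so confirm the build by hand.
    return "verify-manually"


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Classify every host in a {host: build} inventory."""
    return {host: classify(build) for host, build in inventory.items()}


# Constructed inventory; only 8.1.0.21377 and 8.1.0.21999 come from the advisory.
SAMPLE_INVENTORY = {
    "vspc-a.example": "8.1.0.21377",
    "vspc-b.example": "8.1.0.21999",
    "vspc-c.example": "7.0.0.1000",
    "vspc-d.example": "6.0.0.1000",
    "vspc-e.example": "8.1.0",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:16} {SAMPLE_INVENTORY[host]:14} {status}")
```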
Why This Matters
Recent exploitation of Veeam vulnerabilities in ransomware attacks, such as the use of CVE-2024-40711 in Frag, Akira, and Fog ransomware campaigns, underscores the urgency of addressing these issues.
With Veeam’s client base exceeding 550,000 companies worldwide, including a significant portion of Fortune 500 and Global 2000 corporations, patching these vulnerabilities is critical not only for individual organizations but also for broader network security.