CVE-2024-42448: From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to perform Remote...

9.9 CVSS

Description

From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine.

Classification

CVE ID: CVE-2024-42448

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.9

Affected Products

Vendor: Veeam

Product: Service Provider Console

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.44% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://www.veeam.com/kb4679

Timeline

2024-12-12 00:31:01 UTC
CVE

From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to perform Remote...