CVE-2024-42452: A vulnerability in Veeam Backup & Replication allows a low-privileged user to start an agent remotely in server mode and obtain credentials,...

8.8 CVSS

Description

A vulnerability in Veeam Backup & Replication allows a low-privileged user to start an agent remotely in server mode and obtain credentials, effectively escalating privileges to system-level access. This allows the attacker to upload files to the server with elevated privileges. The vulnerability exists because remote calls bypass permission checks, leading to full system compromise.

Classification

CVE ID: CVE-2024-42452

CVSS Base Severity: HIGH

CVSS Base Score: 8.8

Affected Products

Vendor: Veeam

Product: Backup & Replication

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.44% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://www.veeam.com/kb4693

Timeline

2024-12-05 00:32:37 UTC
CVE

A vulnerability in Veeam Backup & Replication allows a low-privileged user to start an agent remotely in server mode and obtain credentials,...