CVE-2024-42453: A vulnerability in Veeam Backup & Replication allows low-privileged users to control and modify configurations on connected virtual infrastructure...

7.4 CVSS

Description

A vulnerability in Veeam Backup & Replication allows low-privileged users to control and modify configurations on connected virtual infrastructure hosts. This includes the ability to power off virtual machines, delete files in storage, and make configuration changes, potentially leading to Denial of Service (DoS) and data integrity issues. The vulnerability is caused by improper permission checks in methods accessed via management services.

Classification

CVE ID: CVE-2024-42453

CVSS Base Severity: HIGH

CVSS Base Score: 7.4

Affected Products

Vendor: Veeam

Product: Backup & Replication

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.44% (share of other scored vulnerabilities with an equal or lower score)

EPSS Date: 2025-02-03 (date on which this score was calculated)

References

https://www.veeam.com/kb4693

Timeline