CVE-2024-42453

CVSS 7.4 HIGHEPSS 0.3%CWE-862

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 7.4EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

04 Dec 2024Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A vulnerability Veeam Backup & Replication allows low-privileged users to control and modify configurations on connected virtual infrastructure hosts. This includes the ability to power off virtual machines, delete files in storage, and make configuration changes, potentially leading to Denial of Service (DoS) and data integrity issues. The vulnerability is caused by improper permission checks in methods accessed via management services.

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

Affected products

Veeam · Backup & Replication

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.veeam.com/kb4693