CVE-2024-45207

CVSS 7 HIGHEPSS 0.2%CWE-426

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 7EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

04 Dec 2024Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

DLL injection in Veeam Agent for Windows can occur if the system's PATH variable includes insecure locations. When the agent runs, it searches these directories for necessary DLLs. If an attacker places a malicious DLL in one of these directories, the Veeam Agent might load it inadvertently, allowing the attacker to execute harmful code. This could lead to unauthorized access, data theft, or disruption of services

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Veeam · Agent for Windows

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.veeam.com/kb4693