Main Vulnerability Database Vulnerabilities #VU101170

#VU101170 Information disclosure in Veeam Service Provider Console - CVE-2024-42449

Published: December 3, 2024

Vulnerability identifier: #VU101170

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2024-42449

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Veeam Service Provider Console

Software vendor:
Veeam

Description

The vulnerability allows a remote user to compromise the affected system.

The vulnerability exists due to excessive data output by the application. A remote authenticated user can leak an NTLM hash of the VSPC server service account and delete files on the VSPC server machine.

Remediation

Install updates from vendor's website.

External links

https://www.veeam.com/kb4679

#VU101170 Information disclosure in Veeam Service Provider Console - CVE-2024-42449

Description

Remediation

External links

Please verify you're human