CVE-2024-42024

Published: Sep 7, 2024Modified: Apr 28, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A vulnerability that allows an attacker in possession of the Veeam ONE Agent service account credentials to perform remote code execution on the machine where the Veeam ONE Agent is installed.

Affected (1)

Products: Veeam: One

Veeam

1 product

One

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Veeam One	From 12.0.0.2498 to 12.2.0.4093

Related CWEs

CWE-250

Execution with Unnecessary Privileges

The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.

References (1)

https://www.veeam.com/kb4649

Source: support@hackerone.com

Vendor Advisory

Timeline

No history available yet.