← Back

CVE-2024-42452

nvd nist
Published: Dec 4, 2024Modified: Apr 24, 2025

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

A vulnerability in Veeam Backup & Replication allows a low-privileged user to start an agent remotely in server mode and obtain credentials, effectively escalating privileges to system-level access. This allows the attacker to upload files to the server with elevated privileges. The vulnerability exists because remote calls bypass permission checks, leading to full system compromise.

Affected (1)

Veeam
1 product
Veeam Backup & Replication
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Veeam Backup & Replication
From 12.0.0.1402 to 12.3.0.310

Related CWEs

CWE-863
Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (1)

Source: support@hackerone.com
Vendor Advisory

Timeline

No history available yet.