← Back

CVE-2024-45207

nvd nist
Published: Dec 4, 2024Modified: Jul 2, 2025

JSON object

Loading...
7.0
Vector
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.0 / Impact: 5.9
Source: support@hackerone.com (Secondary)

Description

DLL injection in Veeam Agent for Windows can occur if the system's PATH variable includes insecure locations. When the agent runs, it searches these directories for necessary DLLs. If an attacker places a malicious DLL in one of these directories, the Veeam Agent might load it inadvertently, allowing the attacker to execute harmful code. This could lead to unauthorized access, data theft, or disruption of services

Affected (1)

Veeam
1 product
Veeam Agent For Windows
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Veeam Agent For Windows
From 6.0.0.959 to 6.3.0.177

Related CWEs

CWE-426
Untrusted Search Path
The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

References (1)

Source: support@hackerone.com
Vendor Advisory

Timeline

No history available yet.