Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console

Dec 04, 2024 | Ravie Lakshmanan | Vulnerability / Ransomware

Veeam has released security updates to address a critical flaw impacting Service Provider Console (VSPC) that could pave the way for remote code execution on susceptible instances.

The vulnerability, tracked as CVE-2024-42448, carries a CVSS score of 9.9 out of a maximum of 10.0. The company noted that the bug was identified during internal testing.

“From the VSPC management agent machine, under the condition that the management agent is authorized on the server, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine,” Veeam stated in an advisory.

Another defect patched by Veeam pertains to a vulnerability (CVE-2024-42449, CVSS score: 7.1) that could be abused to leak an NTLM hash of the VSPC server service account and delete files on the VSPC server machine.

Both of the identified vulnerabilities affect Veeam Service Provider Console 8.1.0.21377 and all earlier versions of 7 and 8 builds. They have been addressed in version 8.1.0.21999.

Veeam further said there are no mitigations to fix the problems, and that the only solution is to upgrade to the latest version of the software.

With flaws in Veeam products being abused by threat actors to deploy ransomware, it is imperative that users take action to secure their instances as soon as possible.
