CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-42452

A vulnerability in Veeam Backup & Replication allows a low-privileged user to start an agent remotely in server mode and obtain credentials, effectively escalating privileges to system-level access. This allows the attacker to upload files to the server with elevated privileges. The vulnerability exists because remote calls bypass permission checks, leading to full system compromise.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 27.4%

CVSS Severity

CVSS v3 Score 8.8

References

https://www.veeam.com/kb4693

Products affected by CVE-2024-42452

Veeam » Veeam Backup & Replication » Version: 12.0.0.1420

cpe:2.3:a:veeam:veeam_backup_&_replication:12.0.0.1420
Veeam » Veeam Backup & Replication » Version: 12.1.0.2131

cpe:2.3:a:veeam:veeam_backup_&_replication:12.1.0.2131
Veeam » Veeam Backup & Replication » Version: 12.1.1.56

cpe:2.3:a:veeam:veeam_backup_&_replication:12.1.1.56
Veeam » Veeam Backup & Replication » Version: 12.1.2.172

cpe:2.3:a:veeam:veeam_backup_&_replication:12.1.2.172
Veeam » Veeam Backup & Replication » Version: 12.2.0.334

cpe:2.3:a:veeam:veeam_backup_&_replication:12.2.0.334

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-42452

Products

Pricing

Contact Us