CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-42457

A vulnerability in Veeam Backup & Replication allows users with certain operator roles to expose saved credentials by leveraging a combination of methods in a remote management interface. This can be achieved using a session object that allows for credential enumeration and exploitation, leading to the leak of plaintext credentials to a malicious host. The attack is facilitated by improper usage of a method that allows operators to add a new host with an attacker-controlled IP, enabling them to retrieve sensitive credentials in plaintext.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 16.4%

CVSS Severity

CVSS v3 Score 7.7

References

https://www.veeam.com/kb4693

Products affected by CVE-2024-42457

Veeam » Veeam Backup & Replication » Version: 12.0.0.1420

cpe:2.3:a:veeam:veeam_backup_&_replication:12.0.0.1420
Veeam » Veeam Backup & Replication » Version: 12.1.0.2131

cpe:2.3:a:veeam:veeam_backup_&_replication:12.1.0.2131
Veeam » Veeam Backup & Replication » Version: 12.1.1.56

cpe:2.3:a:veeam:veeam_backup_&_replication:12.1.1.56
Veeam » Veeam Backup & Replication » Version: 12.1.2.172

cpe:2.3:a:veeam:veeam_backup_&_replication:12.1.2.172
Veeam » Veeam Backup & Replication » Version: 12.2.0.334

cpe:2.3:a:veeam:veeam_backup_&_replication:12.2.0.334

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-42457

Products

Pricing

Contact Us