{"id":1069,"date":"2024-12-04T13:18:21","date_gmt":"2024-12-04T13:18:21","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=1069"},"modified":"2024-12-04T13:18:21","modified_gmt":"2024-12-04T13:18:21","slug":"veeam-issues-patch-for-critical-rce-bug","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=1069","title":{"rendered":"Veeam issues patch for critical RCE bug"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>Veeam is warning its customers of two vulnerabilities, one of them a critical RCE bug, affecting the Service Provider Console (VSPC), a web-based management platform for managed service providers (MSPs).<\/p>\n<p>On Tuesday, the data protection and backup solutions provider, whose products support IT systems availability for brands like Cisco, Lenovo, and NASA, issued an <a href=\"https:\/\/www.veeam.com\/kb4679\">advisory<\/a> stating that exploitation of the bugs is possible only under certain circumstances.<\/p>\n<p>While an update with the necessary patches has been released, there is presently no mitigation available for unpatched instances.<\/p>\n<h2 class=\"wp-block-heading\">Critical RCE bug discovered during testing<\/h2>\n<p>The first flaw fixed in the update, tracked as CVE-2024-42448, is a critical remote code execution (RCE) bug that could allow threat actors to execute arbitrary code on unpatched VSPC server machines.<\/p>\n<p>\u201cFrom the VSPC management agent machine, under the condition that the management agent is authorized on the server, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine,\u201d Veeam said.<\/p>\n<p>The vulnerability, which was reportedly discovered during Veeam\u2019s internal testing, has received a critical rating with a CVSS score of 9.9\/10.<\/p>\n<p>A quick scan on the popular leak search platform LeakIX, at the time of publishing this article, revealed over a million (1,186,722) potentially affected VSPC instances on the internet, with about half of them in the US and Germany alone.<\/p>\n<p>The vulnerability affects VSPC versions 8.1.0.21377 and earlier (8 and &amp; builds), and has been fixed in the 8.1.0.21999 update. \u201cUnsupported product versions are not tested, but are likely affected and should be considered vulnerable,\u201d the company wrote.<\/p>\n<h2 class=\"wp-block-heading\">Another high-severity bug found<\/h2>\n<p>Along with the critical RCE bug, Veeam issued an alert for another high-severity flaw, tracked as CVE-2024-42449, which could allow attackers to delete VSPC server files without authorization.<\/p>\n<p>\u201cFrom the VSPC management agent machine, under the condition that the management agent is authorized on the server, it is possible to leak an NTLM hash of the VSPC server service account and delete files on the VSPC server machine,\u201d Veeam said.<\/p>\n<p>The flaw, which received a CVSS score of 7.1\/10, was fixed in the same update and, like the RCE bug, was reported not to affect other Veeam products such as Veeam Backup and Replication (VBR), Veeam Agent for Microsoft Windows and Veeam ONE. Another critical RCE flaw affecting Veeam\u2019s VBR, tracked as <a href=\"https:\/\/www.tenable.com\/cve\/CVE-2024-40711\">CVE-2024-40711<\/a>, was disclosed earlier in September and was later <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/akira-and-fog-ransomware-now-exploiting-critical-veeam-rce-flaw\/\">reported as being<\/a> exploited <a href=\"https:\/\/www.csoonline.com\/article\/3592294\/patched-sonicwall-critical-vulnerability-still-used-in-several-ransomware-attacks.html\">in Akira and Fog ransomware N-day infections<\/a>.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Veeam is warning its customers of two vulnerabilities, one of them a critical RCE bug, affecting the Service Provider Console (VSPC), a web-based management platform for managed service providers (MSPs). On Tuesday, the data protection and backup solutions provider, whose products support IT systems availability for brands like Cisco, Lenovo, and NASA, issued an [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":1070,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-1069","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/1069"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1069"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/1069\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/1070"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1069"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1069"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1069"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}