Operational Defect Database

BugZero found this defect 234 days ago.

BugZero® Enterprise

Real-time monitoring
ServiceNow Integration
Problem ticket automation
Proactive by design

Veeam - Defect ID: kb4575
Veeam Service Provider Console Vulnerability ( CVE-2024-29212 )

BugZero® Risk Score

Coming soon

Learn more

Last update date:

9/12/2024

Priority: Unspecified
Status: Solved

Issue Details

CVE-2024-29212 Due to an unsafe deserialization method used by the Veeam Service Provider Console (VSPC) server in communication between the management agent and its components, under certain conditions, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine. This vulnerability was detected during internal testing. Severity: CriticalCVSS v3.1 Score: 9.9CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Solution

The vulnerability documented in this article was fixed starting in the following builds of Veeam Service Provider Console:

Original Vendor Announcement

Top Veeam defects
(by risk score)

Search:

...

OPERATIONAL DEFECT DATABASE

Operational Defect Database

BugZero® Enterprise

Veeam - Defect ID: kb4575
Veeam Service Provider Console Vulnerability ( CVE-2024-29212 )

BugZero® Risk Score

Last update date:

Defect details

Known affected products

Known affected releases

Known fixed releases

Change History

Description

Issue Details

Solution

Sources / Additional Resources / Links

Top Veeam defects
(by risk score)

Search:

OPERATIONAL DEFECT DATABASE

Operational Defect Database

BugZero® Enterprise

Veeam - Defect ID: kb4575 Veeam Service Provider Console Vulnerability ( CVE-2024-29212 )

BugZero® Risk Score

Last update date:

Defect details

Known affected products

Known affected releases

Known fixed releases

Change History

Description

Issue Details

Solution

Sources / Additional Resources / Links

Top Veeam defects(by risk score)

Search:

Veeam - Defect ID: kb4575
Veeam Service Provider Console Vulnerability ( CVE-2024-29212 )

Top Veeam defects
(by risk score)