BugZero | Veeam BugID kb4575 - Veeam Service Provider Console Vulnerability ( CVE...

OPERATIONAL DEFECT DATABASE

...

BugZero | Veeam BugID kb4575 - Veeam Service Provider Console Vulnerability ( CVE...

Veeam - Defect ID: kb4575

Veeam Service Provider Console Vulnerability ( CVE-2024-29212 )

Veeam - Defect ID: kb4575

Veeam Service Provider Console Vulnerability ( CVE-2024-29212 )

Last updated on September 12th, 2024

BugZero Risk Score
4.5 Medium

Overall: 4.5

Severity: 4.6

Community: 7.8

What is the BugZero Risk Score?

Veeam Integration

Learn more about where this data comes from

Veeam Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Bug Details

Priority: Unspecified
Status: Solved

Description

Issue Details

CVE-2024-29212 Due to an unsafe deserialization method used by the Veeam Service Provider Console (VSPC) server in communication between the management agent and its components, under certain conditions, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine. This vulnerability was detected during internal testing. Severity: CriticalCVSS v3.1 Score: 9.9CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Solution

The vulnerability documented in this article was fixed starting in the following builds of Veeam Service Provider Console:

Change history

No changes to display

2024-09-12 Added: 8.0, 4.0, 7.0, 8.1, 5.0, 6.0

2024-09-12 Added: 9

Top Veeam Defects

9.9Defect ID: kb4445
Restore/Failover/SureBackup of Virtual Machines running Windows 8.1/Window Server 2012 R2 (or older) triggers chkdsk if Veeam Backup Server or Mount Server is Running Windows Server 2022 (or newer)
9.8Defect ID: kb4529
OneDrive backup job fails with "Download request retry timeout exceeded"
9.8Defect ID: kb1914
“Invalid Credentials” Error Adding a Hyper-V Host Using a Local Account
9.7Defect ID: kb4648
Connection to Veeam Software Appliance Fails With: "Authentication failed: invalid credentials"
9.7Defect ID: kb4548
Agent is managed by another Veeam server

Veeam Integration

Learn more about where this data comes from

Veeam Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Ready to prevent the next vendor outage?

Get a demo

OPERATIONAL DEFECT DATABASE

Veeam - Defect ID: kb4575

Veeam Service Provider Console Vulnerability ( CVE-2024-29212 )

Veeam - Defect ID: kb4575

Veeam Service Provider Console Vulnerability ( CVE-2024-29212 )

Last updated on September 12th, 2024

BugZero Risk Score4.5 Medium

Bug Details

Issue Details

Solution

Links

Top Veeam Defects

Ready to prevent the next vendor outage?

BugZero Risk Score
4.5 Medium