Veeam Patches Critical Vulnerabilities in Service Provider Console

Learn about the critical importance of timely patch management to safeguard against remote code execution vulnerabilities in cloud services.

 

Veeam has released patches for critical vulnerabilities in its Service Provider Console, including a severe remote code execution flaw. These vulnerabilities, affecting versions 8.1.0.21377 and earlier, have been resolved in version 8.1.0.21999. The vulnerabilities could allow remote code execution and NTLM hash leakage, with no available mitigations other than upgrading to the latest version.

 

Key Facts

Risks: Patch Management, Remote Code Execution

Keywords: Veeam, Service Provider Console, Remote Code Execution, Vulnerability, NTLM Hash Leakage, Patch Management

CVE: CVE-2024-42448; CVE-2024-42449

Affected: Veeam Service Provider Console

Article Body

Veeam Addresses Critical Vulnerabilities in Service Provider Console

Veeam, a well-known data management company, has released security updates to fix critical vulnerabilities in its Service Provider Console (VSPC). These vulnerabilities, if left unaddressed, could allow unauthorized remote code execution and other security breaches.

Key Vulnerabilities

Two major vulnerabilities have been identified:

  1. Remote Code Execution (RCE) Vulnerability: This critical flaw could enable attackers to execute arbitrary code on vulnerable VSPC instances. The vulnerability was discovered during Veeam's internal testing processes. It is triggered from the VSPC management agent machine and allows remote code execution on the VSPC server, provided the management agent is authorized on the server.

  2. NTLM Hash Leakage and File Deletion Vulnerability: Another serious issue allows attackers to leak an NTLM hash of the VSPC server's service account and to delete files on the server.

Impacted Versions

These vulnerabilities affect Veeam Service Provider Console version 8.1.0.21377 and all earlier version 7 and 8 builds.

Remediation

Veeam has addressed these issues in version 8.1.0.21999. It is crucial for users to upgrade to this latest version, as there are no alternative mitigations available to resolve these problems. The updates ensure that the VSPC is secured against potential exploits.
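The version boundaries above can be checked against an inventory export. The following Python is an added example, not code from Veeam or from the article; the "host,build" input format, the hostnames and the "review" category are assumptions, and only the build numbers 8.1.0.21377 and 8.1.0.21999 come from the text.

```python
import re

LAST_AFFECTED = (8, 1, 0, 21377)   # from the article
FIRST_FIXED = (8, 1, 0, 21999)     # from the article
_BUILD_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)\.(\d+)\s*$")


def parse_build(text):
    """Return a 4-tuple of ints for 'a.b.c.d', or None if malformed."""
    m = _BUILD_RE.match(text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def classify(build_text):
    """Map a VSPC build string to 'fixed', 'vulnerable' or 'review'."""
    build = parse_build(build_text)
    if build is None:
        return "review"          # unparsable inventory data: check by hand
    if build >= FIRST_FIXED:
        return "fixed"           # assumption: later builds keep the fix
    if build[0] in (7, 8) and build <= LAST_AFFECTED:
        return "vulnerable"      # the range the article names
    return "review"              # between the two builds, or older than v7


def triage(inventory_lines):
    """Group 'host,build' lines by status; hosts needing action come first."""
    report = {"vulnerable": [], "review": [], "fixed": []}
    for line in inventory_lines:
        if not line.strip() or line.lstrip().startswith("#"):
            continue             # skip blanks and comment/header lines
        host, _, build = (part.strip() for part in line.partition(","))
        report[classify(build)].append((host, build))
    return report


# Constructed sample inventory: hostnames and the 7.x / 21500 builds are made up.
SAMPLE = [
    "# host,build",
    "vspc-eu-01,8.1.0.21377",
    "vspc-eu-02,8.1.0.21999",
    "vspc-us-01,7.0.0.12777",
    "vspc-us-02,8.1.0.21500",
    "vspc-lab,unknown",
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(status, hosts)
```

Hosts reported as "review" have a build the article does not classify, or inventory data that could not be parsed, and should be checked by hand.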

By understanding these vulnerabilities and applying the necessary updates, organizations can protect their systems from unauthorized access and maintain the integrity of their data management processes.

 

Read More

https://thehackernews.com/2024/12/veeam-issues-patch-for-critical-rce.html?m=1