CVE-2024-42448

CRITICAL EXPLOITED RANSOMWARE

VSPC - RCE

Title source: llm

Description

From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine.

Exploits (1)

nomisec SUSPICIOUS

by h3lye · poc

https://github.com/h3lye/CVE-2024-42448-RCE

View Code ZIP pw:eip

References (1)

[Various Sources] https://www.veeam.com/kb4679

Scores

CVSS v3 9.9

EPSS 0.6050

EPSS Percentile 98.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Details

VulnCheck KEV 2025-01-23

Ransomware Use Confirmed

CWE

CWE-94

Status published

Products (1)

Veeam/Service Provider Console 8.1

Published Dec 12, 2024

Tracked Since Feb 18, 2026