CVE-2024-42448

CRITICAL EXPLOITED RANSOMWARE

Veeam Service Provider Console 8.1 - Management Agent Remote Code Execution

Title source: manual

Exploitation Summary

CVE-2024-42448 has been observed exploited in the wild (reported by VulnCheck KEV), including in ransomware campaigns. EIP tracks 1 public exploit from researchers including h3lye.

AI-analyzed exploit summary The repository claims to provide a Python script for CVE-2024-42448 (Veeam Service Provider Console RCE) but only contains a README with vague details and external download links (bit.ly). No actual exploit code or technical analysis is included.

Description

From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine.

Exploits (1)

nomisec SUSPICIOUS

by h3lye · poc

https://github.com/h3lye/CVE-2024-42448-RCE

View Code ZIP pw:eip

The repository claims to provide a Python script for CVE-2024-42448 (Veeam Service Provider Console RCE) but only contains a README with vague details and external download links (bit.ly). No actual exploit code or technical analysis is included.

Classification

Suspicious 95%

Attack Type

Rce

Complexity

Theoretical

Reliability

Theoretical

Target: Veeam Service Provider Console (VSPC)

No auth needed

Prerequisites: none specified

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

Various Sources

https://www.veeam.com/kb4679

Scores

CVSS v3 9.9

EPSS 0.2006

EPSS Percentile 97.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

VulnCheck KEV 2025-01-23

Ransomware Use Confirmed

CWE

CWE-94

Status published

Products (1)

Veeam/Service Provider Console 8.1

Published Dec 12, 2024

Tracked Since Feb 18, 2026