Description
A vulnerability in Veeam Backup & Replication allows a low-privileged user to start an agent remotely in server mode and obtain credentials, effectively escalating privileges to system-level access. This allows the attacker to upload files to the server with elevated privileges. The vulnerability exists because remote calls bypass permission checks, leading to full system compromise.
References (1)
Core 1
Core References
Vendor Advisory
https://www.veeam.com/kb4693
Scores
CVSS v3
8.8
EPSS
0.0048
EPSS Percentile
37.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-863
Status
published
Products (1)
veeam/veeam_backup_\&_replication
12.0.0.1402 - 12.3.0.310
Published
Dec 04, 2024
Tracked Since
Feb 18, 2026