CVE-2024-42453

HIGH

Veeam Backup & Replication - Privilege Escalation

Title source: llm

Description

A vulnerability in Veeam Backup & Replication allows low-privileged users to control and modify configurations on connected virtual infrastructure hosts. This includes the ability to power off virtual machines, delete files in storage, and make configuration changes, potentially leading to Denial of Service (DoS) and data integrity issues. The vulnerability is caused by improper permission checks in methods accessed via management services.

Scores

CVSS v3 8.1
EPSS 0.0032
EPSS Percentile 24.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-862
Status published
Products (1)
veeam/veeam_backup_\&_replication 12.0.0.1402 - 12.3.0.310
Published Dec 04, 2024
Tracked Since Feb 18, 2026