Critical RCE Vulnerability Identified in Veeam VSPC
/ 1 min read
Veeam Software issues critical security updates for vulnerabilities. The company has released urgent patches to address two significant vulnerabilities in its Service Provider Console (VSPC), with CVE-2024-42448 rated at a CVSS score of 9.9, allowing remote code execution by attackers. This flaw could enable unauthorized access to VSPC servers, risking sensitive customer data and disrupting backup operations. A second vulnerability, CVE-2024-42449, has a CVSS score of 7.1 and could allow attackers to extract sensitive information and delete files. Affected versions include VSPC 8.1.0.21377 and earlier; Veeam urges all service providers to update to version 8.1.0.21999 immediately to mitigate these risks.