Veeam Releases Patch for Critical RCE Vulnerability
/ 1 min read
Veeam addresses critical RCE vulnerability in Service Provider Console. Veeam has released security updates to fix a severe vulnerability, tracked as CVE-2024-42448, in its Service Provider Console (VSPC) that could allow remote code execution, scoring 9.9 on the CVSS scale. The flaw was discovered during internal testing and affects Veeam Service Provider Console versions 8.1.0.21377 and earlier. Additionally, another vulnerability (CVE-2024-42449) with a CVSS score of 7.1 could lead to NTLM hash leaks and file deletions. Veeam advises users to upgrade to version 8.1.0.21999, as there are no mitigations available for these issues. Given the potential for exploitation by threat actors, users are urged to secure their systems promptly.