skip to content
Decrypt LOL

Get Cyber-Smart in Just 5 Minutes a Week

Decrypt delivers quick and insightful updates on cybersecurity. No spam, no data sharing—just the info you need to stay secure.

Read the latest edition

Veeam Releases Patch for Critical RCE Vulnerability

/ 1 min read

Veeam addresses critical RCE vulnerability in Service Provider Console. Veeam has released security updates to fix a severe vulnerability, tracked as CVE-2024-42448, in its Service Provider Console (VSPC) that could allow remote code execution, scoring 9.9 on the CVSS scale. The flaw was discovered during internal testing and affects Veeam Service Provider Console versions 8.1.0.21377 and earlier. Additionally, another vulnerability (CVE-2024-42449) with a CVSS score of 7.1 could lead to NTLM hash leaks and file deletions. Veeam advises users to upgrade to version 8.1.0.21999, as there are no mitigations available for these issues. Given the potential for exploitation by threat actors, users are urged to secure their systems promptly.