cbcvebase.
CVE-2024-42448
published 2024-12-12

CVE-2024-42448: From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to perform Remote Code Execution…

PriorityP192critical9.9CVSS 3.0
AVNACLPRLUINSCCHIHAH
ITWVulnCheck KEVRansomware
Exploited in the wild
EPSS
20.06%
97.1th percentile
From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine.

Affected

1 ranges
VendorProductVersion rangeFixed in
veeamservice_provider_console8.1 – 8.1

Detection & IOCsextracted from sources · hover to see the quote

  • RCE is only exploitable from the VSPC management agent machine when the management agent is authorized on the server — scope detection to authorized agent connections initiating unexpected code execution on the VSPC server
  • CVE-2024-42448 affects VSPC 8.1.0.21377 and all earlier versions including builds 8 and 7; flag any VSPC instances running these versions as unpatched and at risk
  • CVE-2024-42449 (companion vulnerability) enables NTLM hash theft of the VSPC server service account and file deletion — monitor for NTLM relay/pass-the-hash activity originating from VSPC service account context
  • ·Exploitation requires the management agent to be authorized on the targeted VSPC server — unauthenticated/unauthorized agents cannot trigger the RCE
  • ·Unsupported VSPC versions were not tested but should be treated as vulnerable

CVSS provenance

nvdv3.09.9CRITICALCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
vulncheck9.9CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.