CVE-2024-42448
published 2024-12-12CVE-2024-42448: From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to perform Remote Code Execution…
PriorityP192critical9.9CVSS 3.0
AVNACLPRLUINSCCHIHAH
ITWVulnCheck KEVRansomware
Exploited in the wild
EPSS
20.06%
97.1th percentile
From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| veeam | service_provider_console | 8.1 – 8.1 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →RCE is only exploitable from the VSPC management agent machine when the management agent is authorized on the server — scope detection to authorized agent connections initiating unexpected code execution on the VSPC server ↗
- →CVE-2024-42448 affects VSPC 8.1.0.21377 and all earlier versions including builds 8 and 7; flag any VSPC instances running these versions as unpatched and at risk ↗
- →CVE-2024-42449 (companion vulnerability) enables NTLM hash theft of the VSPC server service account and file deletion — monitor for NTLM relay/pass-the-hash activity originating from VSPC service account context ↗
- ·Exploitation requires the management agent to be authorized on the targeted VSPC server — unauthenticated/unauthorized agents cannot trigger the RCE ↗
- ·Unsupported VSPC versions were not tested but should be treated as vulnerable ↗
CVSS provenance
nvdv3.09.9CRITICALCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
vulncheck9.9CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-w4gc-9x8j-9hjv: From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to perform Remote Code E
ghsa_unreviewed·2024-12-12
CVE-2024-42448 [CRITICAL] CWE-94 GHSA-w4gc-9x8j-9hjv: From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to perform Remote Code E
From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine.
VulnCheck
Veeam Service Provider Console Remote Code Execution Vulnerability
vulncheck·2024·CVSS 9.9
CVE-2024-42448 [CRITICAL] Veeam Service Provider Console Remote Code Execution Vulnerability
Veeam Service Provider Console Remote Code Execution Vulnerability
From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine.
Affected: Veeam Veeam Service Provider Console
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Known Ransomware Campaign Use: Known
Exploitation References: https://insights.nccgroup.com/l/898251/2025-01-15/31km7v7/898251/1736933471Luh7mq1o/Dec_Monthly_Threat_Pulse_Freemium_V4.pdf
No detection rules found.
No public exploits indexed.
Checkpoint
9th December – Threat Intelligence Report
blogs_checkpoint·2024-12-09
CVE-2024-8785 9th December – Threat Intelligence Report
Latest Publications
CPR Podcast Channel
AI Research
Web 3.0 Security
Intelligence Reports
ThreatCloud AI
Threat Intelligence & Research
Zero Day Protection
Sandblast File Analysis
About Us
SUBSCRIBE
2026
2025
2024
2023
2022
2021
2020
2019
2018
2017
2016
## 9th December – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 9th December, please download our Threat Intelligence Bulletin .
TOP ATTACKS AND BREACHES
Romania’s Constitutional Court annulled the first round of its presidential election after declassified intelligence revealed Russian interference favoring right wing candidate Călin Georgescu. The interference involved a sophisticated social media campaign on TikTok, with $381,000 spent to promote Georgescu without prope
Bleepingcomputer
Veeam warns of critical RCE bug in Service Provider Console
blogs_bleepingcomputer·2024-12-03·CVSS 9.8
[CRITICAL] Veeam warns of critical RCE bug in Service Provider Console
## Veeam warns of critical RCE bug in Service Provider Console
## Sergiu Gatlan
Veeam released security updates today to address two Service Provider Console (VSPC) vulnerabilities, including a critical remote code execution (RCE) discovered during internal testing.
VSPC, described by the company as a remote-managed BaaS (Backend as a Service) and DRaaS (Disaster Recovery as a Service) platform, is used by service providers to monitor the health and security of customer backups, as well as manage their Veeam-protected virtual, Microsoft 365, and public cloud workloads.
The first security flaw fixed today (tracked as CVE-2024-42448 and rated with a 9.9/10 severity score) enables attackers to execute arbitrary code on unpatched servers from the VSPC management agent machine.
Veeam also
Bugzilla
Firefox for iOS QR Code Scanner Open Redirect
bugzilla·2024-06-18·CVSS 6.1
[MEDIUM] Firefox for iOS QR Code Scanner Open Redirect
Firefox for iOS QR Code Scanner Open Redirect
Created attachment 9408264
firefox_qrcode_poc.mp4
Reproduce Step
1. Launch the Firefox iOS app.
2. Navigate the QR code scanner in the Home page search bar (Top Right Side)
3. Create a QR Code with a specially crafted URL using https://www.qr-code-generator.com/
4. Scan a QR code that contains a specially crafted URL with an external domain(evil.com).
5. This will redirect to URL immediately without any user confirmation
IOS Version : 18.0
FIrefox Version : Firefox 127.0 (42448)
An attacker could exploit this vulnerability to trick users into visiting malicious websites.
The vulnerability is the same type of vulnerability as CVE-2024-0953. However, the same can be done on the latest Firefox. (https://bugzilla.mozilla.org/show_bug.cgi?id=183
2024-12-12
Published
Exploited in the wild