CVE-2024-42449
published 2024-12-04CVE-2024-42449: From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to remove arbitrary files on the…
PriorityP345high7.1CVSS 3.0
AVNACLPRLUINSUCNILAH
EPSS
5.37%
91.6th percentile
From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to remove arbitrary files on the VSPC server machine.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| veeam | service_provider_console | 8.1 – 8.1 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Checkpoint
9th December – Threat Intelligence Report
blogs_checkpoint·2024-12-09
CVE-2024-8785 9th December – Threat Intelligence Report
Latest Publications
CPR Podcast Channel
AI Research
Web 3.0 Security
Intelligence Reports
ThreatCloud AI
Threat Intelligence & Research
Zero Day Protection
Sandblast File Analysis
About Us
SUBSCRIBE
2026
2025
2024
2023
2022
2021
2020
2019
2018
2017
2016
## 9th December – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 9th December, please download our Threat Intelligence Bulletin .
TOP ATTACKS AND BREACHES
Romania’s Constitutional Court annulled the first round of its presidential election after declassified intelligence revealed Russian interference favoring right wing candidate Călin Georgescu. The interference involved a sophisticated social media campaign on TikTok, with $381,000 spent to promote Georgescu without prope
Bleepingcomputer
Veeam warns of critical RCE bug in Service Provider Console
blogs_bleepingcomputer·2024-12-03·CVSS 9.8
[CRITICAL] Veeam warns of critical RCE bug in Service Provider Console
## Veeam warns of critical RCE bug in Service Provider Console
## Sergiu Gatlan
Veeam released security updates today to address two Service Provider Console (VSPC) vulnerabilities, including a critical remote code execution (RCE) discovered during internal testing.
VSPC, described by the company as a remote-managed BaaS (Backend as a Service) and DRaaS (Disaster Recovery as a Service) platform, is used by service providers to monitor the health and security of customer backups, as well as manage their Veeam-protected virtual, Microsoft 365, and public cloud workloads.
The first security flaw fixed today (tracked as CVE-2024-42448 and rated with a 9.9/10 severity score) enables attackers to execute arbitrary code on unpatched servers from the VSPC management agent machine.
Veeam also
2024-12-04
Published