CVE-2024-42453
published 2024-12-04

Priority: P3 (46), high
CVSS 3.1: 8.1 (AV:N / AC:L / PR:L / UI:N / S:U / C:N / I:H / A:H)
EPSS: 0.33% (24.2th percentile)
A vulnerability in Veeam Backup & Replication allows low-privileged users to control and modify configurations on connected virtual infrastructure hosts. This includes the ability to power off virtual machines, delete files in storage, and make configuration changes, potentially leading to Denial of Service (DoS) and data integrity issues. The vulnerability is caused by improper permission checks in methods accessed via management services.

Affected

2 ranges
| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| veeam | backup_replication | 12.2 – 12.2 | |
| veeam | veeam_backup_replication | >= 12.0.0.1402 < 12.3.0.310 | 12.3.0.310 |

CVSS provenance

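| Source | Version | Score | Severity | Vector |
| --- | --- | --- | --- | --- |
| nvd | v3.1 | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |
| nvd | v3.0 | 7.4 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L |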