Veeam warns of critical RCE bug in Service Provider Console


Veeam released security updates today to address two Service Provider Console (VSPC) vulnerabilities, including a critical remote code execution (RCE) discovered during internal testing.

VSPC, described by the company as a remote-managed BaaS (Backend as a Service) and DRaaS (Disaster Recovery as a Service) platform, is used by service providers to monitor the health and security of customer backups, as well as manage their Veeam-protected virtual, Microsoft 365, and public cloud workloads.

The first security flaw fixed today (tracked as CVE-2024-42448 and rated with a 9.9/10 severity score) enables attackers to execute arbitrary code on unpatched servers from the VSPC management agent machine.

LM hash of the VSPC server service account and use the gained access to delete files on the VSPC server.

However, as the company explained in a security advisory published today, these two vulnerabilities can only be exploited successfully if the management agent is authorized on the targeted server.

The flaws impact VSPC 8.1.0.21377 and all earlier versions, including builds 8 and 7, but unsupported product versions are also likely affected and “should be considered vulnerable,” even though they weren’t tested.

“We encourage service providers using supported versions of Veeam Service Provider Console (versions 7 & 8) to update to the latest cumulative patch,” Veeam said.

“Service Providers using unsupported versions are strongly encouraged to upgrade to the latest version of Veeam Service Provider Console.”

Recent wild exploitation targeting Veeam vulnerabilities has shown that it’s crucial to patch vulnerable servers as soon as possible to block potential attacks.

As Sophos X-Ops incident responders revealed last month, an RCE flaw (CVE-2024-40711) in Veeam’s Backup & Replication (VBR) software disclosed in September is now exploited to deploy Frag ransomware.

The same vulnerability is also used to gain remote code execution on vulnerable VBR servers in Akira and Fog ransomware attacks.

Veeam says its products are used by over 550,000 customers worldwide, including 74% of all Global 2,000 companies and 82% of Fortune 500.
