CVE-2024-42453

CVSS 3.0 Score 7.4 of 10 (high)

Details

Published Dec 4, 2024
CWE ID 862

Summary

CVE-2024-42453 is a newly discovered vulnerability affecting Veeam Backup & Replication software. It gives low-privileged users unnecessary control over connected virtual infrastructure hosts, allowing them to perform actions such as powering off virtual machines, deleting files, and configuring settings. This can result in Denial of Service (DoS) and data integrity issues. The root cause is insufficient permission checks in methods that are accessible via management services. Organizations using Veeam Backup & Replication should address this issue promptly to prevent potential security risks.
