CVE-2024-42457

CVSS 3.0 Score 7.7 of 10 (high)

Details

Published Dec 4, 2024
CWE ID 522

Summary

CVE-2024-42457 is a vulnerability in Veeam Backup & Replication that allows users with specific operator roles to expose saved credentials through a remote management interface. By leveraging a session object that enables credential enumeration and exploitation, attackers can gain access to plaintext credentials, putting sensitive data at risk. The issue arises from improper handling of a method used to add a new host with an attacker-controlled IP address.
