CVE-2024-45207

CVSS 3.0 Score 7 of 10 (high)

Details

Published Dec 4, 2024
CWE ID 426

Summary

CVE-2024-45207 is a new vulnerability affecting Veeam Agent for Windows. The issue arises when the system's PATH variable contains insecure directories. The agent searches these locations for required DLLs during execution. If an attacker places a malicious DLL in one of these directories, the Veeam Agent may unintentionally load it, resulting in code execution by the attacker. This vulnerability poses a significant risk, potentially leading to unauthorized access, data theft, or service disruptions. Users are advised to update their Veeam Agent for Windows installations and secure their PATH variables to mitigate this threat.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share