CVE-2024-29212 – This vulnerability allows remote code execution... (How to Fix)

Q: What is the severity of CVE-2024-29212?

CVE-2024-29212 has a CVSS score of 9.9 (CRITICAL). This vulnerability allows remote code execution on Veeam Service Provider Console servers through unsafe deserialization in agent communication. Attackers can execute arbitrary code with SYSTEM privileges on affected VSPC servers. Organizations using Veeam Service Provider Console are affected.

📋 TL;DR

This vulnerability allows remote code execution on Veeam Service Provider Console servers through unsafe deserialization in agent communication. Attackers can execute arbitrary code with SYSTEM privileges on affected VSPC servers. Organizations using Veeam Service Provider Console are affected.

💻 Affected Systems

Products:

Veeam Service Provider Console

Versions: Versions prior to the fix

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Affects VSPC server component that communicates with management agents.

📦 What is this software?

Veeam Service Provider Console by Veeam

View all CVEs affecting Veeam Service Provider Console →

Veeam Service Provider Console by Veeam

View all CVEs affecting Veeam Service Provider Console →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of VSPC server leading to domain takeover, data exfiltration, ransomware deployment, and lateral movement to connected backup infrastructure.

🟠

Likely Case

RCE leading to credential theft, backup data manipulation, and deployment of persistence mechanisms.

🟢

If Mitigated

Limited impact if network segmentation prevents access to VSPC server and proper authentication controls are in place.

🌐 Internet-Facing: HIGH

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires network access to VSPC server and knowledge of communication protocol.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Veeam KB4575 for specific version

Vendor Advisory: https://www.veeam.com/kb4575

Restart Required: Yes

Instructions:

1. Download latest VSPC version from Veeam website. 2. Backup current configuration. 3. Run installer with administrative privileges. 4. Restart VSPC services.

🔧 Temporary Workarounds

Network Segmentation

all

Restrict network access to VSPC server to only trusted management networks

Firewall Rules

all

Block unnecessary inbound connections to VSPC server ports

🧯 If You Can't Patch

Implement strict network segmentation to isolate VSPC server
Monitor for unusual process execution and network connections from VSPC server

🔍 How to Verify

Check if Vulnerable:

Check VSPC version against patched version in Veeam KB4575

Check Version:

Check VSPC web interface or installation directory for version information

Verify Fix Applied:

Verify VSPC version is updated to patched version and test agent communication

📡 Detection & Monitoring

Log Indicators:

Unusual process execution from VSPC service account
Failed authentication attempts to VSPC
Unusual network connections from VSPC server

Network Indicators:

Unusual outbound connections from VSPC server
Suspicious payloads in VSPC agent communication

SIEM Query:

Process Creation where Parent Process Name contains 'Veeam' AND Command Line contains suspicious patterns

📊 Metadata

CVE ID: CVE-2024-29212

CVSS v3 Score: 9.9 (CRITICAL)

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE: CWE-502

Published: May 14, 2024

Last Updated: June 30, 2025

🔗 References

https://www.veeam.com/kb4575 Vendor Advisory
https://www.veeam.com/kb4575 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-29212, you might also want to check these: