CVE-2024-39714
📋 TL;DR
This critical vulnerability allows low-privileged users to upload arbitrary files to VSPC servers, leading to remote code execution. Attackers can gain full control of affected systems. All organizations using vulnerable Veeam VSPC versions are affected.
💻 Affected Systems
- Veeam Service Provider Console
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of VSPC server leading to data exfiltration, ransomware deployment, lateral movement across the network, and persistent backdoor installation.
Likely Case
Attackers gain administrative access to VSPC server, potentially compromising backup infrastructure and accessing sensitive backup data.
If Mitigated
Limited impact if proper network segmentation, least privilege access, and file upload restrictions are implemented.
🎯 Exploit Status
Exploitation requires authenticated low-privileged user access. The vulnerability is straightforward to exploit once access is obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 7.2.0.16180
Vendor Advisory: https://www.veeam.com/kb4649
Restart Required: Yes
Instructions:
1. Download VSPC 7.2.0.16180 from the Veeam website.
2. Run the installer on the VSPC server.
3. Follow the upgrade wizard prompts.
4. Restart the server when prompted.
🔧 Temporary Workarounds
Restrict File Upload Permissions
(Windows) Temporarily restrict file upload capabilities for low-privileged users
Network Segmentation
(All platforms) Isolate the VSPC server from the internet and restrict internal access
🧯 If You Can't Patch
- Implement strict network access controls to isolate VSPC server
- Remove or restrict low-privileged user accounts and implement multi-factor authentication
🔍 How to Verify
Check if Vulnerable:
Check VSPC version in Control Panel > Programs > Veeam Service Provider Console
Check Version:
wmic product where name="Veeam Service Provider Console" get version
Verify Fix Applied:
Verify version shows 7.2.0.16180 or higher after patching
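As an added example (not code from this advisory or from Veeam), the following PowerShell script performs the "7.2.0.16180 or higher" check as a numeric [version] comparison rather than a string comparison, so a build such as 7.2.0.9000 is not mistakenly judged newer than 7.2.0.16180. It assumes the product registers itself under the standard Windows uninstall registry keys with the DisplayName "Veeam Service Provider Console"; the fixed build number is the one given above.

```powershell
# Added example, not from the advisory or Veeam: compare the installed
# Veeam Service Provider Console build against the fixed build as a
# [version] object, not as a string.
$FixedVersion = [version]'7.2.0.16180'      # patch build named in the advisory
$ProductName  = 'Veeam Service Provider Console'

# Standard Windows uninstall registry locations (64-bit and 32-bit views).
# Assumption: the product records its DisplayName/DisplayVersion here.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$entries = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like "$ProductName*" }

if (-not $entries) {
    Write-Output "NOT INSTALLED: no '$ProductName' entry found in the uninstall registry."
    exit 0
}

foreach ($e in $entries) {
    $installed = $null
    # TryParse avoids a crash on vendor version strings that are not dotted numbers.
    if (-not [version]::TryParse($e.DisplayVersion, [ref]$installed)) {
        Write-Output ("UNKNOWN: '{0}' reports unparseable version '{1}'" -f $e.DisplayName, $e.DisplayVersion)
        continue
    }
    if ($installed -ge $FixedVersion) {
        Write-Output ("OK: {0} {1} is at or above fixed build {2}" -f $e.DisplayName, $installed, $FixedVersion)
    } else {
        Write-Output ("VULNERABLE: {0} {1} is below fixed build {2}; apply the update from https://www.veeam.com/kb4649" -f $e.DisplayName, $installed, $FixedVersion)
    }
}
```

Run it in an elevated PowerShell session on the VSPC server; the script only reads the registry and changes nothing.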
📡 Detection & Monitoring
Log Indicators:
- Unusual file uploads to VSPC server
- Suspicious process execution from upload directories
- Authentication attempts from unexpected sources
Network Indicators:
- Unusual outbound connections from VSPC server
- Traffic to known malicious IPs
SIEM Query:
source="VSPC" AND (event="FileUpload" OR event="ProcessExecution")