CVE-2024-42448
📋 TL;DR
This critical vulnerability allows an attacker with access to a VSPC management agent machine to execute arbitrary code on the VSPC server, potentially taking full control of the server. It affects Veeam Service Provider Console installations where management agents are authorized on the server. The CVSS 9.9 score indicates near-maximum severity.
💻 Affected Systems
- Veeam Service Provider Console
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of the VSPC server, allowing an attacker to steal all managed backup data, deploy ransomware across managed environments, and pivot to other systems in the infrastructure.
Likely Case
An attacker gains administrative control of the VSPC server, enabling them to access backup repositories, modify backup jobs, and potentially access credentials for managed systems.
If Mitigated
With proper network segmentation and strict access controls, impact is limited to the VSPC server itself, though this still represents significant risk to backup integrity.
🎯 Exploit Status
Exploitation requires access to a management agent machine that is authorized on the server, but once this condition is met, the RCE is straightforward.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 7.0.2.1541
Vendor Advisory: https://www.veeam.com/kb4679
Restart Required: Yes
Instructions:
1. Download VSPC 7.0.2.1541 from Veeam's website.
2. Run the installer on the VSPC server.
3. Follow the upgrade wizard.
4. Restart the VSPC server after installation completes.
🔧 Temporary Workarounds
Network Segmentation
All platforms: Isolate VSPC management agent machines from the VSPC server using firewall rules to prevent unauthorized access.
Restrict Management Agent Access
Windows: Review and minimize which management agents are authorized on the VSPC server to reduce attack surface.
🧯 If You Can't Patch
- Implement strict network segmentation between management agent machines and the VSPC server
- Apply principle of least privilege to management agent access and monitor for unauthorized connections
🔍 How to Verify
Check if Vulnerable:
Check the VSPC version in the console under Help > About. If the version is below 7.0.2.1541, the system is vulnerable.
Check Version:
Not applicable - use GUI method above
Verify Fix Applied:
After patching, verify the version shows 7.0.2.1541 or higher in Help > About.
📡 Detection & Monitoring
Log Indicators:
- Unusual process creation events on VSPC server
- Suspicious network connections from management agent machines to VSPC server
Network Indicators:
- Unexpected RPC/DCOM traffic between management agents and VSPC server
- Anomalous outbound connections from VSPC server
SIEM Query:
source="VSPC" AND (event_id="4688" OR process_name="cmd.exe" OR process_name="powershell.exe") AND parent_process="Veeam.VSPC.Service"
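The same matching logic applied offline to exported process events, as an added example that is not part of the original page or any Veeam tooling. It assumes one JSON object per line, already filtered to the VSPC server, with the field names used in the query above; the sample events are constructed.

```python
import json
import ntpath

# Names below come from the page's SIEM query; matching is case-insensitive.
PARENT = "veeam.vspc.service"
SHELLS = {"cmd.exe", "powershell.exe"}

# Constructed sample events (not real telemetry). <install-dir> is a placeholder.
SAMPLE = r'''
{"event_id": "4688", "process_name": "C:\\Windows\\System32\\cmd.exe", "parent_process": "Veeam.VSPC.Service"}
{"event_id": 4688, "process_name": "PowerShell.EXE", "parent_process": "C:\\<install-dir>\\Veeam.VSPC.Service.exe"}
{"event_id": "4688", "process_name": "C:\\Windows\\System32\\cmd.exe", "parent_process": "C:\\Windows\\explorer.exe"}
{"event_id": "4688", "process_name": "C:\\Windows\\System32\\conhost.exe", "parent_process": "Veeam.VSPC.Service"}
not json
{"event_id": "4624", "process_name": "", "parent_process": "Veeam.VSPC.Service"}
'''

def leaf(path):
    """File name only, lower-cased, so full paths and bare names compare equal."""
    return ntpath.basename(str(path or "")).lower()

def classify(event):
    """Return 'shell-child', 'other-child' or None for one process event."""
    parent = leaf(event.get("parent_process"))
    if parent.endswith(".exe"):
        parent = parent[:-4]
    if parent != PARENT:
        return None
    if leaf(event.get("process_name")) in SHELLS:
        return "shell-child"      # shell spawned by the service: triage first
    if str(event.get("event_id")) == "4688":
        return "other-child"      # any other process creation under the service
    return None

def scan(lines):
    """Return a list of (line_no, verdict, process_name) for matching events."""
    hits = []
    for n, line in enumerate(lines, 1):
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue              # skip malformed or blank lines
        if isinstance(event, dict) and (verdict := classify(event)):
            hits.append((n, verdict, event.get("process_name")))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE.strip().splitlines()):
        print(hit)
```

Comparing on the file name rather than the raw field value keeps the rule from missing events where the log source records a full image path or different letter case.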