CVE-2024-42449
📋 TL;DR
This vulnerability allows an authorized Veeam Service Provider Console (VSPC) management agent to delete arbitrary files on the VSPC server. It affects VSPC deployments where management agents have been granted server access. The risk is limited to environments with authorized management agents.
💻 Affected Systems
- Veeam Service Provider Console
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Critical system files could be deleted, causing service disruption, data loss, or complete server compromise if key configuration or executable files are removed.
Likely Case
Unauthorized deletion of application files, logs, or configuration data leading to service degradation or operational disruption.
If Mitigated
Minimal impact if proper access controls and monitoring are in place, with only authorized agents performing legitimate file operations.
🎯 Exploit Status
Exploitation requires authorized management agent access. Attackers would need to compromise or control an authorized agent machine first.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: VSPC version with fix applied (see KB4679)
Vendor Advisory: https://www.veeam.com/kb4679
Restart Required: No
Instructions:
1. Download the latest VSPC update from Veeam's website.
2. Run the installer on the VSPC server.
3. Follow the upgrade wizard.
4. Verify the update completed successfully.
🔧 Temporary Workarounds
Restrict Management Agent Access
Limit which management agents are authorized on the VSPC server to only those absolutely necessary.
Implement File Integrity Monitoring
Monitor critical directories on the VSPC server for unauthorized file deletions or modifications.
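One way to implement the file integrity monitoring workaround is a baseline-and-compare check that reports files that have disappeared or changed since the baseline was taken. This is an added example, not Veeam's tooling or code from this page; the directory to monitor and the manifest path are supplied by the operator, since the page does not name the VSPC installation path.

```python
import hashlib
import json
import os
import sys

def snapshot(root):
    """Map each file under root (relative path) to its SHA-256 digest."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            try:
                with open(full, "rb") as fh:
                    state[rel] = hashlib.sha256(fh.read()).hexdigest()
            except OSError:
                # Locked or unreadable file: record its presence so it is
                # not reported as deleted on the next comparison.
                state[rel] = None
    return state

def compare(baseline, current):
    """Return sorted relative paths that were deleted, modified or added."""
    deleted = sorted(p for p in baseline if p not in current)
    added = sorted(p for p in current if p not in baseline)
    modified = sorted(
        p for p in baseline
        if p in current
        and None not in (baseline[p], current[p])  # skip unreadable entries
        and baseline[p] != current[p]
    )
    return {"deleted": deleted, "modified": modified, "added": added}

if __name__ == "__main__":
    # Usage: fim.py baseline <dir> <manifest.json>
    #        fim.py check    <dir> <manifest.json>
    if len(sys.argv) != 4 or sys.argv[1] not in ("baseline", "check"):
        sys.exit("usage: fim.py baseline|check <dir> <manifest.json>")
    mode, root, manifest = sys.argv[1:4]
    if mode == "baseline":
        with open(manifest, "w") as fh:
            json.dump(snapshot(root), fh, indent=2)
    else:
        with open(manifest) as fh:
            report = compare(json.load(fh), snapshot(root))
        print(json.dumps(report, indent=2))
        # Non-zero exit lets a scheduler or monitoring agent raise an alert.
        sys.exit(1 if report["deleted"] or report["modified"] else 0)
```

Store the manifest outside the monitored server, since an attacker able to delete arbitrary files could remove a locally stored baseline as well.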
🧯 If You Can't Patch
- Implement strict access controls for management agent machines
- Monitor agent-server communications for suspicious file deletion patterns
🔍 How to Verify
Check if Vulnerable:
Check VSPC version against the patched version mentioned in KB4679. If running an older version, you are vulnerable.
Check Version:
Check VSPC version in the console interface or via the VSPC installation directory properties.
Verify Fix Applied:
Verify VSPC version matches or exceeds the patched version from KB4679. Check that management agents can only perform authorized operations.
📡 Detection & Monitoring
Log Indicators:
- Unexpected file deletion events in VSPC logs
- Failed file operations from management agents
- Unauthorized access attempts to sensitive directories
Network Indicators:
- Unusual file deletion commands in agent-server communications
- Suspicious patterns in VSPC protocol traffic
SIEM Query:
source="VSPC" AND (event_type="file_deletion" OR operation="delete") AND NOT user="authorized_user"