CVE-2024-45207
📋 TL;DR
This vulnerability allows DLL injection in Veeam Agent for Windows when the system's PATH variable includes insecure directories. Attackers can place malicious DLLs in these locations, which the agent may load during execution, enabling arbitrary code execution. This affects all Windows systems running vulnerable versions of Veeam Agent.
💻 Affected Systems
- Veeam Agent for Windows
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with administrative privileges, enabling data theft, ransomware deployment, or complete service disruption of backup operations.
Likely Case
Local privilege escalation leading to unauthorized access to backup data and potential lateral movement within the network.
If Mitigated
Limited impact with proper PATH variable hardening and restricted user permissions preventing DLL placement in insecure locations.
🎯 Exploit Status
Requires local access to place malicious DLLs in PATH directories and trigger Veeam Agent execution.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check Veeam KB4693 for latest patched version
Vendor Advisory: https://www.veeam.com/kb4693
Restart Required: No
Instructions:
1. Download latest Veeam Agent for Windows from official portal.
2. Run installer with administrative privileges.
3. Follow on-screen upgrade instructions.
4. Verify successful update in agent interface.
🔧 Temporary Workarounds
Secure PATH Environment Variable
Windows: Remove insecure directories from system PATH variable to prevent DLL search in untrusted locations.
Control Panel > System > Advanced system settings > Environment Variables > Edit PATH variable to remove insecure directories
🧯 If You Can't Patch
- Restrict write permissions to directories in PATH variable to prevent DLL placement
- Implement application whitelisting to block execution of unauthorized DLLs
🔍 How to Verify
Check if Vulnerable:
Check Veeam Agent version and compare against patched versions in KB4693. Also verify PATH variable contains only secure directories.
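The PATH check above and the "restrict write permissions" mitigation can be audited with a read-only PowerShell script. This is an added example, not taken from the Veeam advisory; the trusted-SID list is an assumption to adapt, and only the machine-level PATH is inspected (not per-user PATH values).

```powershell
# Added example: read-only audit of the machine-level PATH.
# Run elevated so every directory ACL can be read.

# SIDs treated as trusted writers (assumption; extend for your environment).
$trustedSids = @(
    'S-1-5-18',       # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',   # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Access bits that permit creating a file in a directory:
# CreateFiles/WriteData (0x2), GENERIC_WRITE (0x40000000), GENERIC_ALL (0x10000000).
$createMask  = 0x2 -bor 0x40000000 -bor 0x10000000
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
$sidType     = [System.Security.Principal.SecurityIdentifier]

$entries = [Environment]::GetEnvironmentVariable('Path', 'Machine') -split ';' |
    Where-Object { $_.Trim() } |
    ForEach-Object { [Environment]::ExpandEnvironmentVariables($_.Trim().Trim('"')) } |
    Select-Object -Unique

$findings = foreach ($dir in $entries) {
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        # Stale entry: nothing legitimate is loaded from it, so it can be removed.
        [pscustomobject]@{ Directory = $dir; Principal = '-'; Rights = 'directory does not exist' }
        continue
    }
    $rules = (Get-Acl -LiteralPath $dir).GetAccessRules($true, $true, $sidType)
    foreach ($ace in $rules) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($ace.PropagationFlags.HasFlag($inheritOnly)) { continue }   # not applied to the directory itself
        if ($trustedSids -contains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band $createMask) -eq 0) { continue }
        try   { $name = $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = $ace.IdentityReference.Value }   # unresolvable SID
        [pscustomobject]@{ Directory = $dir; Principal = $name; Rights = $ace.FileSystemRights }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { 'No machine PATH directory is writable by a non-administrative principal.' }
```

Each row is a PATH directory to remove from PATH or to re-ACL so that only administrative principals can create files in it.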
Check Version:
Open Veeam Agent for Windows > Help > About to view version
Verify Fix Applied:
Confirm Veeam Agent version matches or exceeds patched version from KB4693 and test agent functionality.
📡 Detection & Monitoring
Log Indicators:
- Unusual DLL loading events in Windows Event Logs (Security/System)
- Veeam Agent process loading DLLs from unexpected locations
Network Indicators:
- None - local exploitation only
SIEM Query:
EventID=7 OR EventID=11 WHERE ImagePath contains 'Veeam' AND ProcessCommandLine contains suspicious DLL paths