
Veeam Service Provider Console Vulnerability (CVE-2024-29212)


dips
  • Veeam Legend
  • 808 comments

In case you missed it, Veeam has announced a vulnerability affecting the Veeam Service Provider Console:

  • CVE-2024-29212
  • Due to an unsafe deserialization method used by the Veeam Service Provider Console (VSPC) server in communication between the management agent and its components, under certain conditions, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine.

It's rated as Critical (CVSS v3.1 Score: 9.9), so patch as soon as possible.

More info: https://www.veeam.com/kb4575

Affected versions: Veeam Service Provider Console 4.0, 5.0, 6.0, 7.0, 8.0

2 comments

Chris.Childerhose

Was able to catch this Tuesday and patch. No issues. I think this is the third or fourth post here now. 😂


vAdmin
  • Influencer
  • 168 comments
  • May 9, 2024

Thank you for sharing the update here, @dips 

The positive aspect is that Veeam internally identified the vulnerability, and there are no reports of active exploitation.

Well done Veeam team for quickly discovering and fixing this vulnerability.

