Skip to main content

Fixing Veeam Service Provider Console Vulnerability (CVE-20204-29212)

  • May 8, 2024
  • 5 comments
  • 378 views
leduardoserrano
Forum|alt.badge.img+6

Hi! This is a notice for Veeam´s VCSP Partners. Veeam asks service provider partners using supported versions (v7 & v8) of the Veeam Service Provider Console to apply the latest cumulative patches. While no confirmed cases of CVE-2024-29212 are being exploited, the advisory emphasizes the urgency of patching the vulnerability.

The following paths fix this vulnerability and do not affect any other Veeam product (e.g., Veeam Backup & Replication, Veeam Agent for Microsoft Windows, Veeam ONE, etc.).

· Veeam Service Provider Console 7.0.0.18899

· Veeam Service Provider Console 8.0.0.19236

Refer to the KB4575:

https://www.veeam.com/kb4575

 

Luiz Eduardo Serrano. My blog: https://cloudnroll.com
Chris.Childerhose
marco_s
kristofpoppe

5 comments

kristofpoppe
Forum|alt.badge.img+10
  • kristofpoppe
  • Veeam Vanguard
  • May 8, 2024

@leduardoserrano Thanks for the heads up ! We received the mailing today.

 

Downloaded the ISO, stopped the services and then run VSPC.ApplicationServer.x64_8.0.0.19236 + VSPC.WebUI.x64_8.0.0.19236 as administrator

 

Upgraded to the latest versions without any hickups !

Fan since FastSCP | VMCA-1 | VMCE9 | VMCE2022-24-25 | VMCA2024 | Object First ACE
Chris.Childerhose
dloseke
leduardoserrano
leduardoserrano
Forum|alt.badge.img+6
  • leduardoserrano
  • Author
  • On the path to Greatness
  • May 8, 2024

Thanks for the feedback @kristofpoppe ! I'm happy to know that the fix worked without any major problems! 👏🏻

Luiz Eduardo Serrano. My blog: https://cloudnroll.com
kristofpoppe
dloseke
leduardoserrano
Chris.Childerhose
Forum|alt.badge.img+21

Applied this fix yesterday and no issues. Thanks for sharing.

Chris Childerhose - VMCA2024 | VMCE2023 | VMCE-SP2024 | Veeam Vanguard 8* | Veeam Legend 5* | VUG Canada Leader | vExpert 6* | Toronto VMUG Leader | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
dloseke
leduardoserrano
dloseke
Forum|alt.badge.img+8
  • dloseke
  • Veeam Vanguard
  • May 9, 2024

Came to post this.....of course I was too late....but a CVSS score of 9.9. Patch today folks!

Derek M. Loseke, Senior Systems Engineer | Veeam Vanguard 2025 | Veeam Legend 2022-2024 | VMSP/VMTSP | VCP6-DCV | VSP/VTSP | CCNA | https://technotesanddadjokes.com | @dloseke
Chris.Childerhose
marco_s
leduardoserrano
vAdmin
Forum|alt.badge.img+2
  • vAdmin
  • Influencer
  • May 9, 2024

Thank you for sharing this update.

Microsoft Azure Solutions Architect Expert, VMware Certified Professional - DCV 7, Citrix Certified Professional Virtualization (CCP-V), ITIL Practitioner, Certified Cybersecurity
Chris.Childerhose
leduardoserrano
Terms & ConditionsAccessibility statement