• EN

Fixing Veeam Service Provider Console Vulnerability (CVE-20204-29212)

leduardoserrano
Userlevel 7
Badge +6

Hi! This is a notice for Veeam´s VCSP Partners. Veeam asks service provider partners using supported versions (v7 & v8) of the Veeam Service Provider Console to apply the latest cumulative patches. While no confirmed cases of CVE-2024-29212 are being exploited, the advisory emphasizes the urgency of patching the vulnerability.

The following paths fix this vulnerability and do not affect any other Veeam product (e.g., Veeam Backup & Replication, Veeam Agent for Microsoft Windows, Veeam ONE, etc.).

· Veeam Service Provider Console 7.0.0.18899

· Veeam Service Provider Console 8.0.0.19236

Refer to the KB4575:

https://www.veeam.com/kb4575

 

Luiz Eduardo Serrano. Cloud Architect, Systems Engineer for Veeam and Object First. Veeam Vanguard/VMCA 2024/VMCE. VMware Tanzu Vanguard 2024/VCP Security/VMware User Group, 4xHPE Master ASE/Instructor, RedHat Ansible SE/Instructor, AWS Architect, Nutanix NCA, Cisco-HPE Cloud & DC champion. My blog: https://cloudnroll.com

5 comments

kristofpoppe
Userlevel 7
Badge +8

@leduardoserrano Thanks for the heads up ! We received the mailing today.

 

Downloaded the ISO, stopped the services and then run VSPC.ApplicationServer.x64_8.0.0.19236 + VSPC.WebUI.x64_8.0.0.19236 as administrator

 

Upgraded to the latest versions without any hickups !

Fan since FastSCP | VMCA-1 | VMCE9 | VMCE2022 | VMCA2024
leduardoserrano
Userlevel 7
Badge +6

Thanks for the feedback @kristofpoppe ! I'm happy to know that the fix worked without any major problems! 👏🏻

Luiz Eduardo Serrano. Cloud Architect, Systems Engineer for Veeam and Object First. Veeam Vanguard/VMCA 2024/VMCE. VMware Tanzu Vanguard 2024/VCP Security/VMware User Group, 4xHPE Master ASE/Instructor, RedHat Ansible SE/Instructor, AWS Architect, Nutanix NCA, Cisco-HPE Cloud & DC champion. My blog: https://cloudnroll.com
Chris.Childerhose
Userlevel 7
Badge +20

Applied this fix yesterday and no issues. Thanks for sharing.

Chris Childerhose - VMCA2022 | VMCE2023 | Veeam Vanguard 7* | Veeam Legend 3* | vExpert 5* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
dloseke
Userlevel 7
Badge +6

Came to post this.....of course I was too late....but a CVSS score of 9.9. Patch today folks!

Derek M. Loseke, Senior Systems Engineer | Veeam Legend 2022-2023 | VMSP/VMTSP | VCP6-DCV | VSP/VTSP | CCNA | https://technotesanddadjokes.com | @dloseke
vAdmin
Userlevel 7
Badge +2

Thank you for sharing this update.

Microsoft Azure Solutions Architect Expert, VMware Certified Professional - DCV 7, Citrix Certified Professional Virtualization (CCP-V), ITIL Practitioner

Comment


Terms & Conditions