Veeam Service Provider Console Vulnerability (CVE-2024-29212)


Chris.Childerhose

To kick off the group, here is the first post that VCSPs should know about as it relates to VSPC and a CVE. You can find details here -

Veeam has announced a vulnerability affecting the Veeam Service Provider Console:

  • CVE-2024-29212
  • Due to an unsafe deserialization method used by the Veeam Service Provider Console (VSPC) server in communication between the management agent and its components, under certain conditions, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine.

It's rated as Critical with a CVSS v3.1 score of 9.9, so patch as soon as possible.

More info: https://www.veeam.com/kb4575

Affected versions: Veeam Service Provider Console | 4.0 | 5.0 | 6.0 | 7.0 | 8.0

 

The patch and release notes can be found here - KB4509: Release History for Veeam Service Provider Console 8

2 comments

k00laidIT
  • Veeam Vanguard
  • 73 comments
  • May 10, 2024

It’s worth mentioning on this that while there was a fix released for the 7.x release, 1) that release has been considered “end of fix” since the end of 2023 and 2) with this patch it is not inclusive of any private fixes that have been provided to you since the previous patch. If you install it and other fixes have been put in place they may remove those fixes. Please contact Veeam support if you are in this situation prior to installing.


Chris.Childerhose
  • Author
  • Veeam Legend, Veeam Vanguard
  • 8402 comments
  • May 10, 2024

Yes, great catch on that one, Jim, as I forgot to mention private fixes and potential issues that may arise from this patch. Be sure to reach out to Support prior to updating.

