Veeam VSPC RCE via Unsafe Deserialization in Agent Communication
CVE-2024-29212 Published on May 14, 2024
Due to an unsafe de-serialization method used by the Veeam Service Provider Console(VSPC) server in communication between the management agent and its components, under certain conditions, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine.
Weakness Type
What is a Marshaling, Unmarshaling Vulnerability?
The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
CVE-2024-29212 has been classified to as a Marshaling, Unmarshaling vulnerability or weakness.
Products Associated with CVE-2024-29212
Want to know whenever a new CVE is published for Veeam Service Provider Console? stack.watch will email you.
Affected Versions
Veeam Service Provider Console:- Version 8, <= 8 is affected.
- Version 7, <= 7 is affected.
- Version 7 is affected.
- Version 8 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.