RCE via Veeam ONE Agent service creds
CVE-2024-42024 Published on September 7, 2024
A vulnerability that allows an attacker in possession of the Veeam ONE Agent service account credentials to perform remote code execution on the machine where the Veeam ONE Agent is installed.
Weakness Type
Execution with Unnecessary Privileges
The software performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
Products Associated with CVE-2024-42024
Want to know whenever a new CVE is published for Veeam One? stack.watch will email you.
Affected Versions
Veeam One:- Version 12.1, <= 12.1 is affected.
- Version 12, <= 12.1.0.3208 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.