Veeam Backup & Replication: Improper Permission Checks in Management Services
CVE-2024-42453 Published on December 4, 2024
A vulnerability in Veeam Backup & Replication allows low-privileged users to control and modify configurations on connected virtual infrastructure hosts. This includes the ability to power off virtual machines, delete files in storage, and make configuration changes, potentially leading to Denial of Service (DoS) and data integrity issues. The vulnerability is caused by improper permission checks in methods accessed via management services.
Weakness Type
What is an AuthZ Vulnerability?
The software does not perform an authorization check when an actor attempts to access a resource or perform an action.
CVE-2024-42453 has been classified as an AuthZ vulnerability or weakness.
Products Associated with CVE-2024-42453
Affected Versions
Veeam Backup & Replication: Version 12.2, <= 12.2 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.