Veeam Agent for Windows DLL Injection Vulnerability
CVE-2024-45207 Published on December 4, 2024
DLL injection in Veeam Agent for Windows can occur if the system's PATH variable includes insecure locations. When the agent runs, it searches these directories for necessary DLLs. If an attacker places a malicious DLL in one of these directories, the Veeam Agent might load it inadvertently, allowing the attacker to execute harmful code. This could lead to unauthorized access, data theft, or disruption of services
Weakness Type
What is an Untrusted Path Vulnerability?
The application searches for critical resources using an externally-supplied search path that can point to resources that are not under the application's direct control.
CVE-2024-45207 has been classified to as an Untrusted Path vulnerability or weakness.
Products Associated with CVE-2024-45207
Want to know whenever a new CVE is published for Veeam Agent For Windows? stack.watch will email you.
Affected Versions
Veeam Agent for Windows:- Version 12.2, <= 12.2 is affected.
- Version 6.0 and below 6.3.0.177 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.