Veeam Service Provider Console Vulnerability (CVE-2024-29212)

For anyone running the Veeam Service Provider Console, v7 or v8: a vulnerability was detected and a patch was released a few weeks ago. Today, the patch was re-released with additional improvements. If you're running an unpatched version, or if you applied the original patch, it's recommended to update to the latest release. Note that this vulnerability applies only to the Service Provider Console; it does not apply to Veeam Backup & Replication, Veeam Agent for Windows or Veeam ONE. More information is available at https://www.veeam.com/kb4575.

Issue Details

CVE-2024-29212

Due to an unsafe deserialization method used by the Veeam Service Provider Console (VSPC) server in communication between the management agent and its components, under certain conditions, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine.

This vulnerability was detected during internal testing.

Severity: Critical
CVSS v3.1 Score: 9.9
