San Francisco, December 4, 2024 – Veeam patches critical RCE flaw (CVE-2024-42448). Update immediately to avoid exploits and potential ransomware attacks targeting vulnerable systems.
A critical Remote Code Execution (RCE) vulnerability has been discovered in the Veeam Service Provider Console (VSPC), posing a major threat to businesses worldwide.
The flaw, tracked as CVE-2024-42448, carries a staggering CVSS severity score of 9.9 out of 10. Veeam has issued a patch and urges immediate updates to safeguard against potential exploits.
The vulnerability, identified during internal testing, allows attackers to execute arbitrary code on vulnerable systems if the management agent is authorized on the VSPC server.
Compounding the risk, a second flaw (CVE-2024-42449) can leak sensitive NTLM hash information and delete files, exposing systems to further exploitation.
This is a critical alert for all businesses using VSPC. With ransomware attacks already targeting Veeam products, delaying updates is not an option.
Vulnerable versions include Veeam Service Provider Console 8.1.0.21377 and all earlier builds of versions 7 and 8. The issues have been resolved in version 8.1.0.21999, but no temporary mitigations are available; upgrading is the only fix.
Cybersecurity expert Liam Grant added:
"RCE vulnerabilities are a hacker’s playground, allowing them to take control of systems and deploy ransomware effortlessly."
States like California, Texas, and New York, where Veeam is widely deployed, are particularly at risk of targeted cyberattacks. Businesses are advised to prioritize patching to prevent devastating consequences.