Security News > 2024 > May > Veeam fixes RCE flaw in backup management platform (CVE-2024-29212)

Veeam has patched a high-severity vulnerability in Veeam Service Provider Console and is urging customers to implement the patch.

Veeam Service Provider Console is a cloud platform used by managed services providers and enterprises to manage and monitor data backup operations.

"Service providers can deploy Veeam Service Provider Console to deliver Veeam-powered Backup-as-a-Service and Disaster Recovery-as-a-Service services to their customers. Enterprises can use the solution to streamline backup operations in remote and branch offices, or other locations," the company explains.

CVE-2024-29212 exists due to an unsafe deserialization method used by the Veeam Service Provider Console server during communication between the management agent and its components.

In 2013, cybercriminals exploited CVE-2023-27532, a vulnerability in Veeam Backup & Replication.

"We encourage service providers using supported versions of Veeam Service Provider Console to update to the latest cumulative patch. Service providers using unsupported versions are strongly encouraged to upgrade to the latest version of Veeam Service Provider Console," the company advised.

News URL

https://www.helpnetsecurity.com/2024/05/08/cve-2024-29212/