Vulnerabilities > CVE-2024-42453 - Unspecified vulnerability in Veeam Backup & Replication

CVSS 8.1 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

veeam

NVD

Published: 2024-12-04

Updated: 2025-04-24

Summary

A vulnerability Veeam Backup & Replication allows low-privileged users to control and modify configurations on connected virtual infrastructure hosts. This includes the ability to power off virtual machines, delete files in storage, and make configuration changes, potentially leading to Denial of Service (DoS) and data integrity issues. The vulnerability is caused by improper permission checks in methods accessed via management services.

Vulnerable Configurations

Part	Description	Count
Application	Veeam Veeam Veeam Backup & Replication 12.0.0.1420 Veeam Veeam Backup & Replication 12.1.0.2131 Veeam Veeam Backup & Replication 12.1.1.56 Veeam Veeam Backup & Replication 12.1.2.172 Veeam Veeam Backup & Replication 12.2.0.334	5

References

https://www.veeam.com/kb4693