Vulnerabilities > CVE-2024-42455 - Unspecified vulnerability in Veeam Backup & Replication

CVSS 8.1 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

veeam

NVD

Published: 2024-12-04

Updated: 2025-04-24

Summary

A vulnerability in Veeam Backup & Replication allows a low-privileged user to connect to remoting services and exploit insecure deserialization by sending a serialized temporary file collection. This exploit allows the attacker to delete any file on the system with service account privileges. The vulnerability is caused by an insufficient blacklist during the deserialization process.

Vulnerable Configurations

Part	Description	Count
Application	Veeam Veeam Veeam Backup & Replication 12.0.0.1420 Veeam Veeam Backup & Replication 12.1.0.2131 Veeam Veeam Backup & Replication 12.1.1.56 Veeam Veeam Backup & Replication 12.1.2.172 Veeam Veeam Backup & Replication 12.2.0.334	5

References

https://www.veeam.com/kb4693