Vulnerabilities > CVE-2024-42457 - Unspecified vulnerability in Veeam Backup & Replication

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

veeam

NVD

Published: 2024-12-04

Updated: 2025-04-24

Summary

A vulnerability in Veeam Backup & Replication allows users with certain operator roles to expose saved credentials by leveraging a combination of methods in a remote management interface. This can be achieved using a session object that allows for credential enumeration and exploitation, leading to the leak of plaintext credentials to a malicious host. The attack is facilitated by improper usage of a method that allows operators to add a new host with an attacker-controlled IP, enabling them to retrieve sensitive credentials in plaintext.

Vulnerable Configurations

Part	Description	Count
Application	Veeam Veeam Veeam Backup & Replication 12.0.0.1420 Veeam Veeam Backup & Replication 12.1.0.2131 Veeam Veeam Backup & Replication 12.1.1.56 Veeam Veeam Backup & Replication 12.1.2.172 Veeam Veeam Backup & Replication 12.2.0.334	5

References

https://www.veeam.com/kb4693