
Veeam Security Advisory: Service Provider Console Resolved Vulnerability (CVE-2024-29212)

Company encourages service providers using supported versions of Veeam Service Provider Console (versions 7 and 8) to update to latest cumulative patch.

Veeam Software, Inc. has published a security advisory concerning the Veeam Service Provider Console.

KB ID: 4575
Product: Veeam Service Provider Console | 4.0 | 5.0 | 6.0 | 7.0 | 8.0
Published: 2024-05-07
Last modified: 2024-05-08

Article applicability
This article documents a vulnerability discovered in Veeam Service Provider Console.

This vulnerability does not affect other Veeam products (e.g., Veeam Backup & Replication, Veeam Agent for Microsoft Windows, Veeam ONE).

Issue detail:

  • CVE-2024-29212
    Due to an unsafe deserialization method used by the Veeam Service Provider Console (VSPC) server in communication between the management agent and its components, under certain conditions, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine.

This vulnerability was detected during internal testing.

Severity: Critical
CVSS v3.1 Score: 9.9

Solution
The vulnerability documented in this article was fixed starting in the following builds of Veeam Service Provider Console:

Critical update
The company encourages service providers using supported versions of Veeam Service Provider Console (versions 7 and 8) to update to the latest cumulative patch. Service providers using unsupported versions are strongly encouraged to upgrade to the latest version of Veeam Service Provider Console.
