A vulnerability in Veeam Backup & Replication allows a low-privileged user to connect to remoting services and exploit insecure deserialization by sending a serialized temporary file collection. This exploit allows the attacker to delete any file on the system with service account privileges. The vulnerability is caused by an insufficient blacklist during the deserialization process.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.veeam.com/kb4693 |
History
Thu, 05 Dec 2024 11:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Veeam
Veeam backup And Replication |
|
Weaknesses | CWE-306 | |
CPEs | cpe:2.3:a:veeam:backup_and_replication:*:*:*:*:*:*:*:* | |
Vendors & Products |
Veeam
Veeam backup And Replication |
|
Metrics |
ssvc
|
Wed, 04 Dec 2024 01:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A vulnerability in Veeam Backup & Replication allows a low-privileged user to connect to remoting services and exploit insecure deserialization by sending a serialized temporary file collection. This exploit allows the attacker to delete any file on the system with service account privileges. The vulnerability is caused by an insufficient blacklist during the deserialization process. | |
References |
| |
Metrics |
cvssV3_0
|
MITRE
Status: PUBLISHED
Assigner: hackerone
Published: 2024-12-04T01:06:04.626Z
Updated: 2024-12-05T10:59:46.913Z
Reserved: 2024-08-02T01:04:07.985Z
Link: CVE-2024-42455
Vulnrichment
Updated: 2024-12-05T10:59:18.605Z
NVD
Status : Received
Published: 2024-12-04T02:15:04.937
Modified: 2024-12-05T11:15:04.533
Link: CVE-2024-42455
Redhat
No data.