A vulnerability in Veeam Backup & Replication platform allows a low-privileged user with a specific role to exploit a method that updates critical configuration settings, such as modifying the trusted client certificate used for authentication on a specific port. This can result in unauthorized access, enabling the user to call privileged methods and initiate critical services. The issue arises due to insufficient permission requirements on the method, allowing users with low privileges to perform actions that should require higher-level permissions.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.veeam.com/kb4693 |
History
Wed, 04 Dec 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Veeam
Veeam backup And Replication |
|
Weaknesses | CWE-306 | |
CPEs | cpe:2.3:a:veeam:backup_and_replication:*:*:*:*:*:*:*:* | |
Vendors & Products |
Veeam
Veeam backup And Replication |
|
Metrics |
ssvc
|
Wed, 04 Dec 2024 01:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A vulnerability in Veeam Backup & Replication platform allows a low-privileged user with a specific role to exploit a method that updates critical configuration settings, such as modifying the trusted client certificate used for authentication on a specific port. This can result in unauthorized access, enabling the user to call privileged methods and initiate critical services. The issue arises due to insufficient permission requirements on the method, allowing users with low privileges to perform actions that should require higher-level permissions. | |
References |
| |
Metrics |
cvssV3_0
|
MITRE
Status: PUBLISHED
Assigner: hackerone
Published: 2024-12-04T01:06:04.627Z
Updated: 2024-12-04T16:48:57.686Z
Reserved: 2024-08-02T01:04:07.985Z
Link: CVE-2024-42456
Vulnrichment
Updated: 2024-12-04T16:48:00.626Z
NVD
Status : Received
Published: 2024-12-04T02:15:05.033
Modified: 2024-12-04T17:15:14.233
Link: CVE-2024-42456
Redhat
No data.