cvedb.io
CVE-2024-42452
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2024-12-04T02:15:04.747 · Last modified 2026-06-17T07:49:28.613

Summary

A vulnerability in Veeam Backup & Replication allows a low-privileged user to start an agent remotely in server mode and obtain credentials, effectively escalating privileges to system-level access. This allows the attacker to upload files to the server with elevated privileges. The vulnerability exists because remote calls bypass permission checks, leading to full system compromise.

Affected products

veeam — veeam_backup_\&_replication

Does this affect you?

Add your gear to cvedb and we'll alert you only when veeam ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.