PT-2024-9040 · Veeam · Veeam Service Provider Console
Published: 2024-12-03 · Updated: 2024-12-15 · CVE-2024-42448
CVSS v3.1: 9.9 (Critical)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Veeam Service Provider Console versions prior to 8.1.0.21999
Description:
A critical flaw in the Veeam Service Provider Console (VSPC) could allow remote code execution. The flaw was discovered during internal testing and has a high severity score. From the VSPC management agent machine, provided the management agent is authorized on the server, it is possible to perform remote code execution on the VSPC server machine. Over 143,000 services are potentially affected.
Recommendations:
Update Veeam Service Provider Console to version 8.1.0.21999 immediately to address the vulnerability.
As a temporary workaround, consider restricting access to the VSPC server machine to minimize the risk of unauthorized access until the update is applied.
Fix
Improper Privilege Management
Code Injection
Affected Products
Veeam Service Provider Console