PT-2024-9161 · Veeam · Veeam Service Provider Console

Published: 2024-12-03 · Updated: 2024-12-10 · CVE-2024-42449

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:C
Name of the Vulnerable Software and Affected Versions: Veeam Service Provider Console (VSPC) versions prior to 8.1.0.21377
Description: The issue is related to access control errors in the Veeam Service Provider Console (VSPC) backup and restore software for remote and cloud clients. It allows a remote attacker to delete arbitrary files on the VSPC server machine, provided that the management agent is authorized on the server. There is no information about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited.
Recommendations: For versions prior to 8.1.0.21377, update to version 8.1.0.21377 or later to resolve the issue. As a temporary workaround, consider restricting access to the management agent to minimize the risk of exploitation.

Fix

Improper Access Control

Information Disclosure

Incorrect Permission

Weakness Enumeration

Related Identifiers

BDU:2024-10848
CVE-2024-42449

Affected Products

Veeam Service Provider Console