PT-2024-9470 · Veeam · Veeam Service Provider Console

Nikita Petrov · Published 2024-08-23 · Updated 2025-07-02 · CVE-2024-45206

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Veeam Service Provider Console versions prior to 8.1.0.21377

Description

A vulnerability has been identified in Veeam Service Provider Console that allows an attacker to perform arbitrary HTTP requests to arbitrary hosts on the network and obtain information about internal resources. This issue is related to insufficient protection of service data. The vulnerability can be exploited by sending specially crafted HTTP requests. It is estimated that over 2500 vulnerable systems are accessible from the internet, with the majority located in the USA and Turkey. Among the users of Veeam products are 74% of companies from the Forbes Global 2000 list, making this vulnerability particularly attractive to hackers.

Recommendations

For Veeam Service Provider Console versions prior to 8.1.0.21377, update to version 8.1.0.21377 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable service to minimize the risk of exploitation. Avoid using the vulnerable console until the issue is resolved.

Fix

Information Disclosure

SSRF

Weakness Enumeration

Related Identifiers

BDU:2024-11170
CVE-2024-45206

Affected Products

Veeam Service Provider Console