產品: Veeam Backup and Replication
資料來源:
影響範圍:
所有Veeam Backup and Replication 12.2.0.334 與之前的版本。
解決方法:
更新到12.3以上版本
漏洞說明:
CVE-2024-40717
A vulnerability allows an authenticated user with a role assigned in the Users and Roles settings on the backup server to execute a script with elevated privileges by configuring it as a pre-job or post-job task, thereby causing the script to be executed as LocalSystem.
Severity: High
CVSS v3.1 Score: 8.8
Source: Discovered during internal testing.
CVE-2024-42451
A vulnerability allows an authenticated user with a role assigned in the Users and Roles settings on the backup server to access all saved credentials in a human-readable format.
Severity: High
CVSS v3.1 Score: 7.7
Source: Discovered during internal testing.
CVE-2024-42452
A vulnerability allows an authenticated user with a role assigned in the Users and Roles settings on the backup server to remotely upload files to connected ESXi hosts with elevated privileges.
Severity: High
CVSS v3.1 Score: 8.8
Source: Discovered during internal testing.
CVE-2024-42453
A vulnerability allows an authenticated user with a role assigned in the Users and Roles settings on the backup server to control and modify the configuration of connected virtual infrastructure hosts.
Severity: High
CVSS v3.1 Score: 8.8
Source: Discovered during internal testing.
CVE-2024-42455
A vulnerability that allows an authenticated user with a role assigned in the Users and Roles settings on the backup server to connect to remote services and exploit insecure deserialization by sending a serialized temporary file collection, thereby enabling the deletion of any file on the system with service account privileges.
Severity: High
CVSS v3.1 Score: 7.1
Source: Reported via HackerOne.
CVE-2024-42456
A vulnerability that allows an authenticated user with a role assigned in the Users and Roles settings on the backup server to gain access to privileged methods and control critical services.
Severity: High
CVSS v3.1 Score: 8.8
Source: Reported via HackerOne.
CVE-2024-42457
A vulnerability that allows an authenticated user with certain assigned operator roles in the Users and Roles settings on the backup server to expose saved credentials by leveraging a combination of methods in the remote management interface.
Severity: High
CVSS v3.1 Score: 7.7
Source: Discovered during internal testing.
CVE-2024-45204
A vulnerability that allows an authenticated user with an assigned role in the Users and Roles settings on the backup server to exploit insufficient permissions in credential handling, potentially leading to the leakage of NTLM hashes of saved credentials.
Severity: High
CVSS v3.1 Score: 7.7
Source: Discovered during internal testing.
如有任何需協助的地方請與我們聯絡.
逸凡科技0800-098598
