We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-42455



Description

A vulnerability in Veeam Backup & Replication allows a low-privileged user to connect to remoting services and exploit insecure deserialization by sending a serialized temporary file collection. This exploit allows the attacker to delete any file on the system with service account privileges. The vulnerability is caused by an insufficient blacklist during the deserialization process.

Reserved 2024-08-02 | Published 2024-12-04 | Updated 2024-12-05 | Assigner hackerone


HIGH: 7.1CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Product status

Default status
unaffected

12.2
affected

References

www.veeam.com/kb4693

cve.org (CVE-2024-42455)

nvd.nist.gov (CVE-2024-42455)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-42455

Support options

Helpdesk Chat, Email, Knowledgebase
Subscribe to our newsletter to learn more about our work.