WARNING: 2 VULNERABILITIES PATCHED IN VEEAM SERVICE PROVIDER CONSOLE, PATCH IMMEDIATELY!

Published: 05/12/2024

Reference:
Advisory #2024-284

Version:
1.1

Affected software:
Veeam Service Provider Console

Type:
No details shared

CVE/CVSS:
CVE-2024-42448 / CVSS 9.9 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
CVE-2024-42449 / CVSS 7.1 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)

Sources

Veeam: https://www.veeam.com/kb4679

Risks

During internal testing, Veeam discovered 2 vulnerabilities in its Veeam Service Provider Console (VSPC) software.
 
Veeam Service Provider Console is a cloud-enabled platform for centralized management and monitoring of data protection operations and services.
 
If an attacker gains access to this system, they might be able to edit your backup configuration or remove any existing backups, in the cloud or on-premises.
 
CVE-2024-42448 is rated with a 9.9, resulting in critical severity. CVE-2024-42449 has a score of 7.1, which gives it high severity.
 
Successful exploitation of either vulnerability has a high impact on the complete CIA triad.
 
Lastly, a threat actor was observed selling an exploit for CVE-2024-42448 on an underground forum, which makes exploitation of this vulnerability easier.

Description

Veeam did not share many technical details about either vulnerability, since both were discovered during internal testing.

CVE-2024-42448: Could lead to Remote Code Execution (RCE) on the VSPC server machine when the management agent is authorized on the server. Because this vulnerability has a changed scope, successful exploitation gives the remote attacker full control of the VSPC server machine and of all the resources it can interact with.

CVE-2024-42449: Allows an authorized management agent on the server to leak the NTLM hash of the VSPC server service account and to delete files on the VSPC server machine. The attacker can also use this NTLM hash to target other systems within your organization.

 

Recommended Actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
Update your Veeam Service Provider Console v7 or v8 to version 8.1.0.21999 to secure your system.

Monitor/Detect
The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.

While patching appliances or software to the newest version may protect against future exploitation, it does not remediate a historic compromise.

References

NIST NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-42449

Tenable: https://www.tenable.com/cve/CVE-2024-42448

Tenable: https://www.tenable.com/cve/CVE-2024-42449