About:
RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats we classify as the highest severity level and warrant out-of-band emergency patching or mitigation action.
RedLegg will include a brief description of the vulnerability, whether or not an active exploit or POC exists, and then a link to an update, if any, exists. If no update exists, there will be remediation or mitigation suggestions to limit each vulnerability's risk.
Executive Summary
On May 7, 2024, Veeam released a knowledge base (KB) article, KB 4575, for a vulnerability in the Veeam Service Provider Console that allows for Remote Code Execution (RCE) known as CVE-2024-29212. Veeam advises that their customers upgrade to the latest version of Veeam Service Provider Console to remediate this vulnerability. At the time of release of this bulletin, there are no known public proof-of-concept (PoC) exploits available for CVE-2024-29212 and no reported instances of exploitation in-the-wild. This vulnerability was identified by Veeam while conducting testing internally. Due to an overabundance of caution, RedLegg recommends that Veeam customers update any instances of the Veeam Service Provider Console to the latest available patch. If you utilize Veeam within your organization and rely on an upstream provider who manages your instance of Veeam by utilizing the Veeam Service Provider Console, verify that they have updated to the latest available patch as some providers have reported on public forums of not being made aware of this vulnerability by Veeam.
VULNERABILITIES
Veeam Service Provider Console Remote Code Execution Vulnerability
Identifier: CVE-2024-29212 – CVSS Score 9.9 (CRITICAL)
Exploit or POC: No
Update Guide: KB4575: Veeam Service Provider Console VulnerabilityDescription: CVE-2024-29212 allows for remote code execution. The Veeam Service Provider Console (VSPC) contains an unsafe deserialization method in the communication between the management agent and the associated components. The successful exploitation of this vulnerability could allow an adversary to execute remote code on the VSPC server machine.
Mitigation recommendation: Customers are advised to update to the latest cumulative patch. If you rely on a Veeam Service Provider, follow up with them to verify that they have patched. See ‘Update Guide’ for details.
RedLegg Action: None at this time.
