On December 3, 2024, Veeam disclosed a critical vulnerability in the Veeam Service Provider Console (VSPC), tracked as CVE-2024-42448, which was discovered during internal testing. VSPC is a management tool designed for service providers to manage customer backups. The vulnerability allows a remote threat actor to achieve Remote Code Execution (RCE) on the VSPC server machine from an authorized VSPC management agent machine.
Arctic Wolf has not observed exploitation of this vulnerability in the wild, nor has a publicly accessible proof-of-concept exploit been identified. While there is no public record of VSPC vulnerabilities being exploited in real-world attacks, Veeam’s Backup & Replication product has been frequently targeted by ransomware groups due to its critical role in backup and recovery. Given this historical targeting and VSPC’s role in managing backups, threat actors may reverse-engineer the patch to exploit this vulnerability in the near future.
Recommendation for CVE-2024-42448
Upgrade to Latest Fixed Version
Arctic Wolf strongly recommends that customers upgrade to the latest fixed version.
| Product | Affected Version | Fixed Version |
| --- | --- | --- |
| Veeam Service Provider Console | 8.1.0.21377 and all earlier version 8 and 7 builds | 8.1.0.21999 |
Please follow your organization’s patching and testing guidelines to minimize potential operational impact.
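To turn the version table above into a repeatable check during patch verification, the following added example (not Veeam's or Arctic Wolf's code) classifies an installed VSPC build string against the affected and fixed builds stated in the advisory. The function names are ours, and it assumes builds newer than 8.1.0.21999 also carry the fix; how the installed build string is obtained from each VSPC host is left to the operator.

```python
"""Classify a Veeam Service Provider Console (VSPC) build against the
CVE-2024-42448 advisory table. Constructed example: the version boundaries
are the ones stated in the advisory, the function names are ours."""

FIXED_BUILD = (8, 1, 0, 21999)          # first fixed build per the advisory
LAST_AFFECTED_BUILD = (8, 1, 0, 21377)  # highest affected build per the advisory
AFFECTED_MAJORS = {7, 8}                # "all earlier version 8 and 7 builds"


def parse_build(version: str) -> tuple[int, ...]:
    """Turn a dotted build string such as '8.1.0.21377' into a comparable tuple."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised VSPC build string: {version!r}")
    return tuple(int(p) for p in parts)


def vspc_status(version: str) -> str:
    """Return 'affected', 'fixed' or 'unknown' for an installed VSPC build.

    Rule from the advisory table: every version 7 and 8 build up to and
    including 8.1.0.21377 is affected; 8.1.0.21999 carries the fix, and
    (an assumption on our part) so does anything newer. Builds the
    advisory does not describe, such as an 8.1.0 build between the two
    boundaries or a major version outside 7/8, are reported as 'unknown'
    rather than silently treated as safe.
    """
    build = parse_build(version)
    if build >= FIXED_BUILD:
        return "fixed"
    if build[0] in AFFECTED_MAJORS and build <= LAST_AFFECTED_BUILD:
        return "affected"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample inventory, not real host data.
    for host, build in [("vspc-01", "8.1.0.21377"), ("vspc-02", "8.1.0.21999"),
                        ("vspc-03", "7.0.0.1234"), ("vspc-04", "8.1.0.21500")]:
        print(f"{host}: {build} -> {vspc_status(build)}")
```

Any host reported as "affected" should be scheduled for the upgrade above; an "unknown" result means the build is not covered by the advisory's table and should be confirmed with Veeam before it is considered safe.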