What is the severity of CVE-2024-42453?

CVE-2024-42453 is considered a high severity vulnerability due to its potential to allow low-privileged users to manipulate critical configurations.

How do I fix CVE-2024-42453?

To fix CVE-2024-42453, ensure that access controls are properly configured and restrict permissions for low-privileged users in Veeam Backup & Replication.

What systems are affected by CVE-2024-42453?

CVE-2024-42453 specifically affects Veeam Backup & Replication software.

What kind of actions can be performed by exploiting CVE-2024-42453?

Exploiting CVE-2024-42453 allows low-privileged users to power off virtual machines, delete storage files, and alter configurations.

Is there a patch available for CVE-2024-42453?

As of now, check the Veeam support site for updates or patches addressing CVE-2024-42453.

Vulnerability/
CVE-2024-42453

high

8.1

CWE

862

4/12/2024

24/4/2025

CVE-2024-42453

First published: Wed Dec 04 2024(Updated: )

A vulnerability Veeam Backup & Replication allows low-privileged users to control and modify configurations on connected virtual infrastructure hosts. This includes the ability to power off virtual machines, delete files in storage, and make configuration changes, potentially leading to Denial of Service (DoS) and data integrity issues. The vulnerability is caused by improper permission checks in methods accessed via management services.

Credit: support@hackerone.com

Affected Software	Affected Version	How to fix
Veeam
Veeam Backup & Replication	>=12.0.0.1402<12.3.0.310

Never miss a vulnerability like this again

Reference Links

https://www.veeam.com/kb4693

Frequently Asked Questions

What is the severity of CVE-2024-42453?
CVE-2024-42453 is considered a high severity vulnerability due to its potential to allow low-privileged users to manipulate critical configurations.
How do I fix CVE-2024-42453?
To fix CVE-2024-42453, ensure that access controls are properly configured and restrict permissions for low-privileged users in Veeam Backup & Replication.
What systems are affected by CVE-2024-42453?
CVE-2024-42453 specifically affects Veeam Backup & Replication software.
What kind of actions can be performed by exploiting CVE-2024-42453?
Exploiting CVE-2024-42453 allows low-privileged users to power off virtual machines, delete storage files, and alter configurations.
Is there a patch available for CVE-2024-42453?
As of now, check the Veeam support site for updates or patches addressing CVE-2024-42453.

agent/references
agent/description
agent/type
agent/first-publish-date
agent/severity
agent/author
agent/last-modified-date
agent/weakness
agent/event
collector/mitre-cve
source/MITRE
agent/source
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
collector/nvd-api
source/NVD
vendor/veeam
canonical/veeam
canonical/veeam backup & replication
version/veeam backup & replication/12.0.0.1402

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.