What is the severity of CVE-2024-42457?

CVE-2024-42457 is considered a high severity vulnerability due to the potential for credential exposure.

Who is affected by CVE-2024-42457?

CVE-2024-42457 affects users with certain operator roles in Veeam Backup & Replication.

How do I fix CVE-2024-42457?

To fix CVE-2024-42457, users should apply the latest security patch provided by Veeam for Backup & Replication.

What are the risks associated with CVE-2024-42457?

The risks associated with CVE-2024-42457 include unauthorized access to saved credentials, potentially compromising the security of backups.

What methods are exploited in CVE-2024-42457?

CVE-2024-42457 is exploited through a combination of credential enumeration and session object manipulation in the remote management interface.

Vulnerability/
CVE-2024-42457

high

7.7

CWE

522

4/12/2024

24/4/2025

CVE-2024-42457

First published: Wed Dec 04 2024(Updated: )

A vulnerability in Veeam Backup & Replication allows users with certain operator roles to expose saved credentials by leveraging a combination of methods in a remote management interface. This can be achieved using a session object that allows for credential enumeration and exploitation, leading to the leak of plaintext credentials to a malicious host. The attack is facilitated by improper usage of a method that allows operators to add a new host with an attacker-controlled IP, enabling them to retrieve sensitive credentials in plaintext.

Credit: support@hackerone.com

Affected Software	Affected Version	How to fix
Veeam
Veeam Backup & Replication	>=12.0.0.1402<12.3.0.310

Never miss a vulnerability like this again

Reference Links

https://www.veeam.com/kb4693

Frequently Asked Questions

What is the severity of CVE-2024-42457?
CVE-2024-42457 is considered a high severity vulnerability due to the potential for credential exposure.
Who is affected by CVE-2024-42457?
CVE-2024-42457 affects users with certain operator roles in Veeam Backup & Replication.
How do I fix CVE-2024-42457?
To fix CVE-2024-42457, users should apply the latest security patch provided by Veeam for Backup & Replication.
What are the risks associated with CVE-2024-42457?
The risks associated with CVE-2024-42457 include unauthorized access to saved credentials, potentially compromising the security of backups.
What methods are exploited in CVE-2024-42457?
CVE-2024-42457 is exploited through a combination of credential enumeration and session object manipulation in the remote management interface.

agent/references
agent/type
agent/description
agent/first-publish-date
agent/severity
agent/author
agent/last-modified-date
agent/weakness
agent/event
collector/mitre-cve
source/MITRE
agent/source
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
collector/nvd-api
source/NVD
vendor/veeam
canonical/veeam
canonical/veeam backup & replication
version/veeam backup & replication/12.0.0.1402

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.