Veeam warns of a critical vulnerability in the Service Provider Console

Information
Veeam is a software company specializing in data management and solutions for backup, recovery, and backup system management for enterprises, cloud environments, and virtualization.
Veeam Service Provider Console is a solution designed for service providers and organizations seeking to manage multi-tenant backup and data protection.
Incident
Veeam has released security updates to address two vulnerabilities found in the Service Provider Console (VSPC), one of which is a critical vulnerability that allows remote code execution (RCE).
VSPC is a BaaS (Backup as a Service) and DRaaS (Disaster Recovery as a Service) platform that enables service providers to monitor the status and security of their customers' backups and manage workloads protected by Veeam. This includes virtualization systems, Microsoft 365, and public cloud environments.
The first vulnerability (CVE-2024-42448) allows attackers to execute code on unpatched servers via the Management Agent. The second vulnerability (CVE-2024-42449) enables attackers to steal the NTLM hash of a Service Account and use it to delete files on the server.
Impacted versions
Veeam recommends that service providers using VSPC update to the latest version.
Solutions
Veeam recommends that service providers using VSPC update to the latest version.
Security systems remain the important thing; we must stay attentive and monitor them as usual.
Weekly Interesting CVE
| No. | CVE Name | Published Date | Last Update | Device/Application/OS Target | Attack Type | CVSS | Detail | Solution | Reference |
|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2024-5910 | 10/7/2024 | 27/11/2024 | Palo Alto Networks Expedition versions prior to 1.2.92 | Missing Authentication | 9.8 | Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition. Note: Expedition is a tool aiding in configuration migration, tuning, and enrichment. Configuration secrets, credentials, and other data imported into Expedition are at risk due to this issue. | Fixed in Expedition 1.2.92 and all later versions. | |
| 2 | CVE-2024-21762 | 9/2/2024 | 29/11/2024 | Fortinet FortiOS versions 7.4.0 through 7.4.2 | Out-of-bounds write | 9.6 | An out-of-bounds write vulnerability in FortiOS and FortiProxy may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted HTTP requests. | Upgrade to 7.4.3 or above | |
| 3 | CVE-2023-25515 | 23/6/2024 | 29/11/2024 | Nvidia : | Code execution | 7.8 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where unexpected untrusted data is parsed, which may lead to code execution, denial of service, escalation of privileges, data tampering, or information disclosure. | Updated Driver Version 474.44 | |
| 4 | CVE-2024-11699 | 26/11/2024 | 30/11/2024 | Firefox 132 | Run arbitrary code | 8.8 | Memory safety bugs present in Firefox, Firefox ESR. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. | Fixed in Firefox 133 | |
| 5 | CVE-2023-49250 | 20/2/2024 | 29/11/2024 | Apache DolphinScheduler: before 3.2.0 | Man-in-the-Middle (MITM) | 7.3 | Because the HttpUtils class did not verify certificates, an attacker that could perform a Man-in-the-Middle (MITM) attack on outgoing https connections could impersonate the server. | Upgrade to version 3.2.1 | |
Malware News or Campaign IOC/IOA
| No | Campaign Name | Detection Date | Attack Type | Description | Mitigation/Remediation |
|---|---|---|---|---|---|
| 1 | Russian Hackers Deploy HATVIBE and CHERRYSPY Malware Across Europe and Asia | 22/11/2024 | Cyber Attack, Rejetto HTTP File Server, Phishing | The TAG-110 threat group, associated with Russia, has been conducting cyber espionage campaigns targeting countries in Central Asia, East Asia, and Europe. The group primarily uses two custom malware tools. CHERRYSPY: a Python-based backdoor for data exfiltration and espionage. The primary targets include government entities, human rights organizations, and educational institutions. At least 62 victims across 11 countries have been identified, with a focus on Central Asia (e.g., Tajikistan, Kyrgyzstan, Kazakhstan, Turkmenistan, Uzbekistan), along with Armenia, China, Hungary, India, Greece, and Ukraine. Attack chains leverage vulnerabilities in public-facing applications (e.g., Rejetto HTTP File Server) and phishing emails as entry points. | |
Ref: https://thehackernews.com/2024/11/russian-hackers-deploy-hatvibe-and.html
16 December 2024