CVE-2024-42457

A vulnerability in Veeam Backup & Replication allows users with certain operator roles to expose saved credentials by leveraging a combination of methods in a remote management interface. This can be achieved using a session object that allows for credential enumeration and exploitation, leading to the leak of plaintext credentials to a malicious host. The attack is facilitated by improper usage of a method that allows operators to add a new host with an attacker-controlled IP, enabling them to retrieve sensitive credentials in plaintext.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.veeam.com/kb4693	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:veeam:veeam_backup_\&_replication:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-12-04 02:15

Updated : 2025-04-24 17:08

NVD link : CVE-2024-42457

Mitre link : CVE-2024-42457

CVE.ORG link : CVE-2024-42457

JSON object : View

Products Affected

veeam

veeam_backup_\&_replication

CWE

CWE-522

Insufficiently Protected Credentials

{"id": "CVE-2024-42457", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 7.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 3.1}], "cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-12-04T02:15:05.133", "references": [{"url": "https://www.veeam.com/kb4693", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-522"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in Veeam Backup & Replication allows users with certain operator roles to expose saved credentials by leveraging a combination of methods in a remote management interface. This can be achieved using a session object that allows for credential enumeration and exploitation, leading to the leak of plaintext credentials to a malicious host. The attack is facilitated by improper usage of a method that allows operators to add a new host with an attacker-controlled IP, enabling them to retrieve sensitive credentials in plaintext."}, {"lang": "es", "value": "Una vulnerabilidad en Veeam Backup & Replication permite a los usuarios con determinados roles de operador exponer las credenciales guardadas aprovechando una combinaci\u00f3n de m\u00e9todos en una interfaz de gesti\u00f3n remota. Esto se puede lograr utilizando un objeto de sesi\u00f3n que permite la enumeraci\u00f3n y explotaci\u00f3n de credenciales, lo que lleva a la filtraci\u00f3n de credenciales de texto sin formato a un host malicioso. El ataque se facilita mediante el uso indebido de un m\u00e9todo que permite a los operadores agregar un nuevo host con una IP controlada por el atacante, lo que les permite recuperar credenciales confidenciales en texto plano."}], "lastModified": "2025-04-24T17:08:34.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:veeam:veeam_backup_\\&_replication:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97D6D507-5200-44A1-9122-C3CF8660C1C7", "versionEndExcluding": "12.3.0.310", "versionStartIncluding": "12.0.0.1402"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}