What is CVE-2024-42024?

CVE-2024-42024 is a critical-severity vulnerability in Veeam One. CVSS score: 9.1/10. Published 2024-09-07.

How severe is CVE-2024-42024?

Critical severity. CVSS v3 base score is 9.1 out of 10.

Is CVE-2024-42024 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Veeam One

CVE-2024-42024

A vulnerability that allows an attacker in possession of the Veeam ONE Agent service account credentials to perform remote code execution on the machine where the Veeam ONE Agent is installed.

EPSS: 0.013 (65.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.1 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H.

Affected products

Veeam One — versions 12.1

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

www.veeam.com/kb4649

Frequently asked questions

What is CVE-2024-42024?: CVE-2024-42024 is a critical-severity vulnerability in Veeam One. CVSS score: 9.1/10. Published 2024-09-07.
How severe is CVE-2024-42024?: Critical severity. CVSS v3 base score is 9.1 out of 10.
Is CVE-2024-42024 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.