CVE-2024-45207

EPSS 0.04%
Veröffentlicht 04.12.2024 02:15:05
Zuletzt bearbeitet 02.07.2025 20:29:56
Quelle support@hackerone.com
CVE-Watchlists
Login
Unerledigt
Login

DLL injection in Veeam Agent for Windows can occur if the system's PATH variable includes insecure locations. When the agent runs, it searches these directories for necessary DLLs. If an attacker places a malicious DLL in one of these directories, the Veeam Agent might load it inadvertently, allowing the attacker to execute harmful code. This could lead to unauthorized access, data theft, or disruption of services

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Veeam ≫ Veeam Agent For Windows Version >= 6.0.0.959 < 6.3.0.177

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.095

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
support@hackerone.com	7	1	5.9	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-426 Untrusted Search Path

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

https://www.veeam.com/kb4693

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-45207

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-45207

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-45207

EUVD