Home Veeam CVE-2024-42453
Back to Veeam

CVE-2024-42453

Veeam Backup & Replication - Management Services

Veeam CVSS 8.1 Updated April 6, 2026

Executive Risk Summary

"A vulnerability in Veeam Backup & Replication allows low-privileged users to control and modify configurations on connected virtual infrastructure hosts, potentially leading to Denial of Service (DoS) and data integrity issues. This vulnerability is caused by improper permission checks in methods accessed via management services."

Anticipated Attack Path

  1. 1. Low-privileged user gains access to management services
  2. 2. User exploits improper permission checks to modify configurations
  3. 3. Configurations are changed, potentially leading to DoS and data integrity issues

Am I Vulnerable?

  • Verify user permissions and access to management services
  • Check for any suspicious configuration changes
  • Review system logs for signs of exploitation

Operational Audit Arsenal

Target Type Service
Target Asset Veeam.Backup.Manager.Service
Standard Path Windows Services

Manual Verification Required

This is a non-Windows asset (Veeam). Use the target asset details and official path provided above to verify your current version against the official vendor advisories listed below.

Patch Impact Forecast

Reboot Required Likely

Potential disruption to backup and replication services

Internal Work Notes

Veeam Backup & Replication vulnerability allowing low-privileged users to modify configurations, potentially leading to DoS and data integrity issues. Apply patch from kb4693 to resolve.

Technical Intelligence & Operational Utilities • Delivered Weekly

Intelligence Sources

Official Advisoryhttps://www.veeam.com/kb4693

Related Veeam Threats

CVE-2025-48983 CVSS 9.9

Veeam Backup & Replication - Mount service
CVE-2026-21671 CVSS 9.1

Veeam Backup & Replication - Backup Administrator
CVE-2024-42456 CVSS 8.8

Veeam Backup & Replication - Configuration Settings
Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.