{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-45207", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "state": "PUBLISHED", "assignerShortName": "hackerone", "dateReserved": "2024-08-23T01:00:01.061Z", "datePublished": "2024-12-04T01:06:04.660Z", "dateUpdated": "2024-12-04T15:21:30.380Z"}, "containers": {"cna": {"descriptions": [{"lang": "en", "value": "DLL injection in Veeam Agent for Windows can occur if the system's PATH variable includes insecure locations. When the agent runs, it searches these directories for necessary DLLs. If an attacker places a malicious DLL in one of these directories, the Veeam Agent might load it inadvertently, allowing the attacker to execute harmful code. This could lead to unauthorized access, data theft, or disruption of services"}], "affected": [{"defaultStatus": "unaffected", "vendor": "Veeam", "product": "Agent for Windows", "versions": [{"version": "12.2", "status": "affected", "lessThanOrEqual": "12.2", "versionType": "semver"}]}], "references": [{"url": "https://www.veeam.com/kb4693"}], "metrics": [{"cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7, "baseSeverity": "HIGH"}}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2024-12-04T01:06:04.660Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-426", "lang": "en", "description": "CWE-426 Untrusted Search Path"}]}], "affected": [{"vendor": "veeam", "product": "agent", "cpes": ["cpe:2.3:a:veeam:agent:*:*:*:*:*:windows:*:*"], "defaultStatus": "unknown", "versions": [{"version": "6.0", "status": "affected", "lessThan": "6.3.0.177", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-12-04T14:55:19.211011Z", "id": "CVE-2024-45207", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-04T15:21:30.380Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-45207", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-12-04T14:55:19.211011Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:veeam:agent:*:*:*:*:*:windows:*:*"], "vendor": "veeam", "product": "agent", "versions": [{"status": "affected", "version": "6.0", "lessThan": "6.3.0.177", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-426", "description": "CWE-426 Untrusted Search Path"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-04T15:02:23.537Z"}}], "cna": {"metrics": [{"cvssV3_0": {"version": "3.0", "baseScore": 7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "Veeam", "product": "Agent for Windows", "versions": [{"status": "affected", "version": "12.2", "versionType": "semver", "lessThanOrEqual": "12.2"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.veeam.com/kb4693"}], "descriptions": [{"lang": "en", "value": "DLL injection in Veeam Agent for Windows can occur if the system's PATH variable includes insecure locations. When the agent runs, it searches these directories for necessary DLLs. If an attacker places a malicious DLL in one of these directories, the Veeam Agent might load it inadvertently, allowing the attacker to execute harmful code. This could lead to unauthorized access, data theft, or disruption of services"}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2024-12-04T01:06:04.660Z"}}}, "cveMetadata": {"cveId": "CVE-2024-45207", "state": "PUBLISHED", "dateUpdated": "2024-12-04T15:21:30.380Z", "dateReserved": "2024-08-23T01:00:01.061Z", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "datePublished": "2024-12-04T01:06:04.660Z", "assignerShortName": "hackerone"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:veeam:veeam_agent_for_windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "71DBFD55-CF57-4184-8BC4-4DFEFAC31880", "versionEndExcluding": "6.3.0.177", "versionStartIncluding": "6.0.0.959", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "DLL injection in Veeam Agent for Windows can occur if the system's PATH variable includes insecure locations. When the agent runs, it searches these directories for necessary DLLs. If an attacker places a malicious DLL in one of these directories, the Veeam Agent might load it inadvertently, allowing the attacker to execute harmful code. This could lead to unauthorized access, data theft, or disruption of services"}, {"lang": "es", "value": " La inyecci\u00f3n de DLL en Veeam Agent para Windows puede ocurrir si la variable PATH del sistema incluye ubicaciones no seguras. Cuando el agente se ejecuta, busca en estos directorios las DLL necesarias. Si un atacante coloca una DLL maliciosa en uno de estos directorios, Veeam Agent podr\u00eda cargarla sin darse cuenta, lo que le permitir\u00eda ejecutar c\u00f3digo da\u00f1ino. Esto podr\u00eda provocar acceso no autorizado, robo de datos o interrupci\u00f3n de los servicios."}], "id": "CVE-2024-45207", "lastModified": "2025-07-02T20:29:56.867", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "support@hackerone.com", "type": "Secondary"}]}, "published": "2024-12-04T02:15:05.520", "references": [{"source": "support@hackerone.com", "tags": ["Vendor Advisory"], "url": "https://www.veeam.com/kb4693"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-426"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}