Veeam warns of critical RCE bug in Service Provider Console

Veeam released security updates to address two vulnerabilities in Veeam Service Provider Console—CVE-2024-42448 (critical remote code execution, 9.9) and CVE-2024-42449 (high severity allowing NTLM hash theft and potential file deletion)—affecting VSPC 8.1.0.21377 and earlier; exploitation requires an authorized management agent, and service providers are urged to apply the latest cumulative patch because prior Veeam flaws have been leveraged in ransomware campaigns.