Veeam Service Provider Console (VSPC) remote code execution.
This is a critical vulnerability identified in the Veeam Service Provider Console (VSPC) with a CVSS score of 9.9.
This vulnerability allows for remote code execution (RCE).
files.zip: here you'll find the files, including but not limited to TCP packets captured during testing and some progress with IDA (which was unnecessary, but will be useful if you try to understand the root cause and produce a working exploit).
Every step is explained clearly with screenshots inside process.pdf.
For educational purposes only.
A Python script (CVE-2024-42448.py) which triggers the vulnerability and executes a user-supplied command.
It can also execute commands on single and multiple targets (IP list) with multi-threading capability.