From the VSPC management agent machine, provided that the management agent is authorized on the server, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine.
https://www.securityweek.com/veeam-warns-of-critical-vulnerability-in-service-provider-console/
https://www.darkreading.com/vulnerabilities-threats/veeam-urges-updates-after-discovering-critical-vulnerability
https://www.helpnetsecurity.com/2024/12/03/vspc-vulnerabilities-cve-2024-42448-cve-2024-42449/
https://www.bleepingcomputer.com/news/security/veeam-warns-of-critical-rce-bug-in-service-provider-console/
https://www.veeam.com/kb4679
Source: Mitre, NVD
Published: 2024-12-12
Updated: 2024-12-12
Base Score: 9
Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C
Severity: High
Base Score: 9.9
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Severity: Critical
EPSS: 0.35808