The security department found this vulnerability in the latest agent. I would like to hear Veeam's comment on the vulnerability and possible solutions.
Vulnerability CVE-2024-48510 is present on server srv-xxx due to an outdated version of Veeam -> C:\Program Files\Veeam\Endpoint Backup\Ionic.Zip.dll (1.9.1.9000).
CVE-2024-48510 vulnerability details:
A directory traversal vulnerability in DotNetZip v.1.16.0 and earlier allows a remote attacker to execute arbitrary code via the src/Zip.Shared/ZipEntry.Extract.cs component.
- Lurker
- Posts: 1
- Liked: 1 time
- Joined: Dec 20, 2024 7:06 am
- Product Manager
- Posts: 14827
- Liked: 1773 times
- Joined: Feb 04, 2013 2:07 pm
- Full Name: Dmitry Popov
- Location: Prague
Re: CVE-2024-48510 with Agent 6.3
Hello Timonby,
Sorry for the delay and Merry Christmas! As far as I am concerned, the mentioned vulnerability takes place when data is being extracted from the archive, while the agent uses this library only to compress the data (i.e. debug logs) before sending the data elsewhere.
Please ask the security department to raise an official vulnerability report for a detailed review by the Veeam security team. Thank you!
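The reply above turns on where a directory traversal of this kind takes effect: at extraction, when an entry name is joined to the destination directory. The following is an added example, not code from this thread, from Veeam or from DotNetZip; it lists the entries of an archive whose names would resolve outside the destination under Windows path rules, without extracting anything. The function names, the `C:\extract` destination and the sample archive are assumptions constructed for illustration.

```python
import io
import ntpath   # Windows path rules, usable on any platform
import zipfile

def escapes_destination(entry_name, dest=r"C:\extract"):
    """True if joining dest and entry_name (Windows rules) lands outside dest.

    dest is a hypothetical extraction directory, not a path from the thread.
    """
    dest_norm = ntpath.normcase(ntpath.normpath(dest))
    # normpath collapses ".." segments; join lets an absolute entry name
    # replace the destination, which is exactly the case to catch.
    target = ntpath.normcase(ntpath.normpath(ntpath.join(dest_norm, entry_name)))
    return not (target == dest_norm or target.startswith(dest_norm + "\\"))

def audit_archive(data, dest=r"C:\extract"):
    """Return the entry names that would escape dest. Nothing is extracted."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [info.filename for info in zf.infolist()
                if escapes_destination(info.filename, dest)]

def build_sample():
    """Constructed test archive: one normal entry, two with '..' segments."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("logs/agent.log", "constructed sample line\n")
        zf.writestr("../outside.txt", "constructed\n")
        zf.writestr("logs/../../outside2.txt", "constructed\n")
    return buf.getvalue()

if __name__ == "__main__":
    for name in audit_archive(build_sample()):
        print("entry resolves outside destination:", name)
```

The check only matters on a code path that extracts archives; code that only creates them never resolves entry names against a destination directory.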