CVE-2024-39718: 
Veeam Backup & Replication vulnerability analysis and mitigation

CVE-2024-39718 is an improper input validation vulnerability discovered in Veeam Backup & Replication that affects version 12.1.2.172 and all earlier version 12 builds. The vulnerability was disclosed on September 4, 2024, and allows a low-privileged user to remotely remove files on the system with permissions equivalent to those of the service account (Veeam KB, NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 8.1 (High), with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H. This indicates that the vulnerability can be exploited remotely, requires low attack complexity, needs low privileges, and doesn't require user interaction. The impact primarily affects integrity and availability, with no direct impact on confidentiality (Veeam KB).

When exploited, this vulnerability allows attackers with low-level privileges to remotely delete files on the affected system with the same permissions as the service account. This could potentially lead to data loss and system disruption (Rapid7 Blog, Security Online).

The vulnerability has been fixed in Veeam Backup & Replication version 12.2 (build 12.2.0.334). Organizations using affected versions should upgrade to this latest version immediately. Unsupported product versions, while not tested, should be considered vulnerable and should also be upgraded (Veeam KB).