CVE-2024-29849: Veeam backup is no longer secure

Father

Cyber bandits don't even need to know your credentials to compromise your system.

Veeam encourages all users of Veeam Backup Enterprise Manager to update their software to the latest version due to a critical vulnerability that allows attackers to bypass authentication protection.

Veeam Backup Enterprise Manager is a centralized solution for managing backups in the Veeam infrastructure. It provides a single web interface for monitoring, reporting, and managing backup, replication, and recovery jobs.

The platform allows an administrator to easily manage large-scale backups, search for and restore individual files, and manage user and group access rights. In addition, Veeam Backup Enterprise Manager simplifies administration and improves the efficiency of working with data in large IT environments.

The vulnerability, identified as CVE-2024-29849 and rated 9.8 on the CVSS scale, allows an unauthorized attacker to log in to the Veeam Backup Enterprise Manager web interface as any user.

The company also reported three other vulnerabilities affecting the same product:
  1. CVE-2024-29850 (CVSS score: 8.8) allows account takeover via NTLM relay.
  2. CVE-2024-29851 (CVSS score: 7.2) allows a high-privileged user to steal the NTLM hash of the Veeam Backup Enterprise Manager service account if that account is anything other than the default Local System account.
  3. CVE-2024-29852 (CVSS score: 2.7) allows a high-privileged user to read backup session logs.
All of these vulnerabilities were fixed in version 12.1.2.172. It is important to note that Veeam Backup Enterprise Manager is an optional component that does not have to be installed; environments in which it is not installed are not affected by these vulnerabilities.
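Because exposure depends on two facts (whether Enterprise Manager is installed at all, and whether its build is below 12.1.2.172), the first thing a practitioner wants is a quick local check. The PowerShell below is an added example written for this page, not a Veeam tool and not code from the original post. It assumes the product registers itself in the standard Windows uninstall keys with a DisplayName containing "Veeam Backup Enterprise Manager"; if your installation names it differently, adjust the pattern.

```powershell
# Added example (not Veeam's own tooling): is Veeam Backup Enterprise Manager installed
# on this host, and is its build at or above the fixed build 12.1.2.172?
# Assumption: the product appears under the standard Windows uninstall registry keys with a
# DisplayName matching the pattern below. Adjust $NamePattern if it does not.

$FixedBuild  = [version]'12.1.2.172'
$NamePattern = '*Veeam Backup Enterprise Manager*'

$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Test-VeeamEmPatched {
    param(
        [Parameter(Mandatory)][string]$InstalledVersion,
        [version]$Fixed = $FixedBuild
    )
    # Compare as System.Version so that 12.1.2.172 is correctly judged newer than
    # 12.1.1.56 (a plain string comparison would get cases like this wrong).
    try { $v = [version]$InstalledVersion } catch { return $false }
    return ($v -ge $Fixed)
}

$entries = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like $NamePattern }

if (-not $entries) {
    # Enterprise Manager is optional; a host without it is not exposed to CVE-2024-29849..52.
    Write-Output 'Veeam Backup Enterprise Manager not found in the uninstall registry: not exposed.'
} else {
    foreach ($e in $entries) {
        $status = if (Test-VeeamEmPatched -InstalledVersion $e.DisplayVersion) {
            'PATCHED'
        } else {
            'VULNERABLE - update to 12.1.2.172 or later'
        }
        Write-Output ('{0} {1}: {2}' -f $e.DisplayName, $e.DisplayVersion, $status)
    }
}
```

Run it elevated on each backup server; for a fleet, wrap it in Invoke-Command against the list of hosts. Note that a "not found" result only clears the host being queried: Enterprise Manager is frequently installed on a separate machine from the Backup & Replication server, so check every host that serves the web interface.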

In recent weeks, the company has also addressed a local privilege escalation vulnerability in Veeam Agent for Windows (CVE-2024-29853, CVSS score: 7.2) and a critical remote code execution vulnerability in the Veeam Service Provider Console (CVE-2024-29212, CVSS score: 9.9).

According to Veeam, the vulnerability CVE-2024-29212 is related to an insecure deserialization method used by the Veeam Service Provider Console (VSPC) server when interacting with the management agent and its components, which, under certain conditions, allows remote code execution on the VSPC server.

A vulnerability in Veeam Backup & Replication (CVE-2023-27532, CVSS score: 7.5) has already been exploited by groups such as FIN7 and Cuba to distribute malware, including ransomware, which underscores the importance of installing updates quickly.