# Critical Veeam Backup Enterprise Manager Vulnerability - 20240522003

## Overview
Multiple vulnerabilities have been discovered in Veeam Backup Enterprise Manager that could allow threat actors to bypass authentication. Veeam has also disclosed vulnerabilities in Veeam Service Provider Console, Veeam Backup & Replication and Veeam Cloud Connect.

## What is vulnerable?
| CVE | Severity | CVSS | Summary | Product(s) Affected |
|---|---|---|---|---|
| CVE-2024-29849 | Critical | 9.8 | This vulnerability in Veeam Backup Enterprise Manager allows an unauthenticated attacker to log in to the Veeam Backup Enterprise Manager web interface as any user. | Veeam Backup Enterprise Manager |
| CVE-2024-29850 | High | 8.8 | This vulnerability in Veeam Backup Enterprise Manager allows account takeover via NTLM relay. | Veeam Backup Enterprise Manager |
| CVE-2024-29851 | High | 7.2 | This vulnerability in Veeam Backup Enterprise Manager allows a high-privileged user to steal the NTLM hash of the Veeam Backup Enterprise Manager service account if that service account is anything other than the default Local System account. | Veeam Backup Enterprise Manager |
| CVE-2024-29852 | Low | 2.7 | This vulnerability in Veeam Backup Enterprise Manager allows high-privileged users to read backup session logs. | Veeam Backup Enterprise Manager |
| CVE-2024-29853 | High | 7.2 | This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privilege Escalation. | Veeam Agent for Microsoft Windows 2.0, 3.0.2, 4.0, 5.0, 6.0, 6.1 |
| CVE-2023-27532 | High | 7.5 | This vulnerability allows an unauthenticated user operating within the backup infrastructure network perimeter to obtain encrypted credentials stored in the configuration database. This may lead to an attacker gaining access to the backup infrastructure hosts. | Veeam Backup & Replication, Veeam Cloud Connect |
| CVE-2024-29212 | Critical | 9.9 | Due to an unsafe deserialization method used by the Veeam Service Provider Console (VSPC) server in communication between the management agent and its components, under certain conditions, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine. | Veeam Service Provider Console 4.0, 5.0, 6.0, 7.0, 8.0 |
## What has been observed?
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
## Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within the expected timeframe of one month... (refer to Patch Management):