SecurityWeek

Critical Veeam Vulnerability Leads to Authentication Bypass

Veeam Backup Enterprise Manager update resolves multiple vulnerabilities, including a critical authentication bypass.

Veeam on Tuesday rolled out a Backup & Replication update to address four vulnerabilities, including a critical-severity Backup Enterprise Manager bug leading to authentication bypass.

The critical flaw, tracked as CVE-2024-29849 (CVSS score of 9.8), “allows an unauthenticated attacker to log in to the Veeam Backup Enterprise Manager web interface as any user,” Veeam explains in an advisory.

According to Veeam, the security defect impacts Backup & Replication product versions 5.0 to 12.1 and was addressed with the release of Backup Enterprise Manager version 12.1.2.172, which is packaged with Backup & Replication version 12.1.2 (build 12.1.2.172).

The release also resolves a high-severity issue allowing attackers to take over accounts via NTLM relay attacks. The vulnerability is tracked as CVE-2024-29850 (CVSS score of 8.8).

CVE-2024-29851 (CVSS score of 7.2), another high-severity bug resolved with the latest Backup & Replication release, “allows a high-privileged user to steal the NTLM hash of the Veeam Backup Enterprise Manager service account if that service account is anything other than the default Local System account.”

The software update also resolves a low-severity Backup Enterprise Manager flaw allowing high-privileged users to read backup session logs.


Backup Enterprise Manager instances installed on dedicated servers can be updated to version 12.1.2.172 without having to upgrade Veeam Backup & Replication immediately.

If upgrading is not immediately possible, Veeam recommends halting the Backup Enterprise Manager service; if the software is installed but not in use, it can be uninstalled.

The latest Veeam Backup & Replication release also includes fixes for a high-severity bug (CVE-2024-29853) in Veeam Agent for Windows (VAW) that could be exploited by a local attacker to elevate their privileges.

The issue impacts Veeam Agent for Windows versions 2.0 to 6.1 and was addressed with the release of version 6.1.2 (build 6.1.2.134).
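For defenders working through an inventory, the two fixed builds named above are the values to compare against. The script below is an added example (not from the article or from Veeam) that does that comparison numerically rather than as string matching, for both Backup Enterprise Manager and Veeam Agent for Windows; the hostnames and installed versions in the sample inventory are constructed, and the affected ranges and fixed builds are the ones quoted in the article.

```python
"""Triage an inventory of Veeam installs against the fixed builds in the advisory.

Added example, not from the article or from Veeam. The affected ranges and
fixed builds are those quoted in the article; hostnames and installed version
strings in SAMPLE_INVENTORY are constructed sample data.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Product:
    name: str
    cve: str
    affected_from: str  # first affected major.minor, inclusive
    affected_to: str    # last affected major.minor, inclusive
    fixed_build: str    # first build carrying the fix


PRODUCTS = {
    "Veeam Backup Enterprise Manager": Product(
        "Veeam Backup Enterprise Manager", "CVE-2024-29849", "5.0", "12.1", "12.1.2.172"),
    "Veeam Agent for Windows": Product(
        "Veeam Agent for Windows", "CVE-2024-29853", "2.0", "6.1", "6.1.2.134"),
}


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '12.1.2.172' into (12, 1, 2, 172) so comparisons are numeric.

    Comparing version strings lexically would rank '12.1' below '5.0'.
    """
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def needs_patch(product: Product, installed: str) -> bool:
    """True when the installed build is in the affected range and older than the fix."""
    v = parse_version(installed)
    major_minor = (v + (0, 0))[:2]  # pad so a bare '12' still yields (12, 0)
    lo = parse_version(product.affected_from)
    hi = parse_version(product.affected_to)
    fixed = parse_version(product.fixed_build)
    # The fixed build itself (e.g. 12.1.2.172) sits inside the 5.0-12.1 range,
    # so the range check alone is not enough; the build must also predate the fix.
    return lo <= major_minor <= hi and v < fixed


def triage(inventory):
    """inventory: iterable of (host, product_name, installed_version).

    Returns (host, product, cve, installed, fixed_build) tuples that need action.
    Products not named in the advisory are skipped.
    """
    findings = []
    for host, product_name, installed in inventory:
        product = PRODUCTS.get(product_name)
        if product is None:
            continue
        if needs_patch(product, installed):
            findings.append((host, product.name, product.cve, installed, product.fixed_build))
    return findings


# Constructed sample inventory: hostnames and version strings are made up.
SAMPLE_INVENTORY = [
    ("bem-01", "Veeam Backup Enterprise Manager", "12.1.1.1"),
    ("bem-02", "Veeam Backup Enterprise Manager", "12.1.2.172"),
    ("bem-03", "Veeam Backup Enterprise Manager", "11.0.0.1"),
    ("ws-17", "Veeam Agent for Windows", "6.1.0.1"),
    ("ws-18", "Veeam Agent for Windows", "6.1.2.134"),
    ("ws-19", "Veeam Agent for Windows", "6.1.2.140"),
    ("fs-02", "Some Other Product", "1.0.0"),
]

if __name__ == "__main__":
    for host, prod, cve, have, want in triage(SAMPLE_INVENTORY):
        print(f"{host}: {prod} {have} is affected by {cve}; update to {want}")
```

Feed `triage()` the output of whatever asset inventory you already have (a CMDB export, a software-inventory query) as `(host, product, version)` rows; the build-number comparison is what matters, since a host reporting "12.1" without its build suffix is still flagged until it reports a build at or above 12.1.2.172.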

Veeam makes no mention of any of these vulnerabilities being exploited in attacks. However, users are advised to update their installations as soon as possible, as threat actors have been known to target Veeam bugs.

Related: Critical Vulnerabilities Expose Veeam ONE Software to Code Execution

Related: PoC Exploit Published for Just-Patched Veeam Data Backup Solution Flaw

Related: Serious Vulnerability Patched in Veeam Data Backup Solution

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
