Veeam Backup and Replication Authentication Bypass Vulnerability (CVE-2024-29849)

Veeam has released a security advisory (KB4581) addressing four vulnerabilities of differing severity. All four affect Veeam Backup Enterprise Manager, the web-based management console that ships as an optional component of Veeam Backup & Replication. The most severe, CVE-2024-29849, is rated critical with a CVSS score of 9.8: successful exploitation allows an unauthenticated attacker to log in to the Veeam Backup Enterprise Manager web interface as any user, so any instance whose web interface is reachable from an untrusted network should be treated as exposed until it is patched.

Veeam Backup & Replication is one of the industry-leading backup, recovery, and data security solutions for all workloads, both on-premises and in the cloud. The software provides secure, robust, and reliable data protection. With a software-defined, hardware-independent solution, the software can eliminate downtime with instant recovery, protect from cyber threats with native immutability, and use validated backups.

The other CVEs addressed in the advisory are as follows:

CVE-2024-29850

The vulnerability has a high severity rating with a CVSS score of 8.8. Successful exploitation may allow an attacker to take over a user account via NTLM relay.

CVE-2024-29851

The vulnerability has a high severity rating with a CVSS score of 7.2. Successful exploitation may allow a high-privileged user to steal the NTLM hash of the Veeam Backup Enterprise Manager service account. The vulnerability is exploitable only when the Enterprise Manager service runs under an account other than the default Local System account.

CVE-2024-29852

The vulnerability has been given a low severity rating with a CVSS score of 2.7. Successful exploitation may allow high-privileged users to read backup session logs.

Affected Versions

The vulnerabilities affect Veeam Backup Enterprise Manager in Veeam Backup & Replication builds prior to 12.1.2 (build 12.1.2.172).

Mitigation

Customers must upgrade to Veeam Backup & Replication version 12.1.2 (build 12.1.2.172), which includes the fixed Enterprise Manager build, to patch all four vulnerabilities. Veeam Backup Enterprise Manager is an optional component, so installations that never deployed it are not exposed; where it is deployed, patch the instances whose web interface is reachable from untrusted networks first, since CVE-2024-29849 requires no credentials.
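A quick way to triage hosts against the fixed build, added here as an example and not taken from the Veeam advisory or from Qualys: the PowerShell below enumerates installed Veeam components from the Windows uninstall registry keys, compares each build numerically against 12.1.2.172, and then checks whether the Enterprise Manager service is present and which account it runs under (the condition that decides whether CVE-2024-29851 applies). The registry locations, the `Veeam Backup*` display-name pattern and the service name `VeeamEnterpriseManagerSvc` are assumptions; confirm them against your own installation.

```powershell
# Added triage example (not from the Veeam advisory or Qualys). Run in an elevated
# PowerShell session on the host that serves the Enterprise Manager web UI.
# Assumptions: Veeam components register under the standard Windows uninstall keys,
# their DisplayName starts with "Veeam Backup", and the Enterprise Manager Windows
# service is named VeeamEnterpriseManagerSvc.

$FixedBuild = [version]'12.1.2.172'   # first fixed build per KB4581

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$veeam = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'Veeam Backup*' } |
    Select-Object DisplayName, DisplayVersion

if (-not $veeam) {
    Write-Output 'No Veeam Backup components found in the uninstall registry.'
    return
}

foreach ($product in $veeam) {
    $installed = $null
    # DisplayVersion is a string; cast it to [version] so the comparison is numeric
    # per component (a plain string compare would mis-order builds such as 12.1.1.56).
    if (-not [version]::TryParse($product.DisplayVersion, [ref]$installed)) {
        Write-Output ('{0}: unparseable version "{1}", check manually' -f $product.DisplayName, $product.DisplayVersion)
        continue
    }
    $state = if ($installed -lt $FixedBuild) { 'VULNERABLE (below 12.1.2.172)' } else { 'patched' }
    Write-Output ('{0} {1}: {2}' -f $product.DisplayName, $installed, $state)
}

# Enterprise Manager is the component that carries CVE-2024-29849. If its service is
# absent, the host does not expose the Enterprise Manager web UI at all.
$svc = Get-CimInstance Win32_Service -Filter "Name='VeeamEnterpriseManagerSvc'" -ErrorAction SilentlyContinue
if (-not $svc) {
    Write-Output 'Enterprise Manager service not present: CVE-2024-29849 is not exposed on this host.'
}
else {
    Write-Output ('Enterprise Manager service state: {0}, runs as: {1}' -f $svc.State, $svc.StartName)
    # CVE-2024-29851 applies only when the service account is not the default Local System.
    if ($svc.StartName -ne 'LocalSystem') {
        Write-Output 'Service account is not Local System: CVE-2024-29851 (NTLM hash theft) applies until patched.'
    }
}
```

Treat the output as a first pass only: the registry reflects what the installer recorded, so confirm the Enterprise Manager build in its own web console or with the Qualys QID below before closing the finding.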

Please refer to the Veeam Security Advisory (kb4581) for more information.

Qualys Detection

Qualys customers can scan their devices with QID 379859 to detect vulnerable assets. 

Rapid Response with Patch Management (PM)

Qualys Patch Management and its Zero-Touch Patching feature provide a seamless, automated process of patching a vulnerability like this.

Zero-Touch Patching identifies the most vulnerable products in your environment and automates the deployment of necessary patches and configuration adjustments. This not only streamlines the patching process but also ensures vulnerabilities are addressed promptly.

Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.

References
https://www.veeam.com/kb4581
