Veeam Patches Multiple Vulnerabilities Impacting Backup and Replication

Veeam has released a security advisory (KB4649) addressing six vulnerabilities of varying severity in Veeam Backup & Replication. Successful exploitation could allow a remote attacker to execute arbitrary code on the backup server, leading to full system compromise.

The most severe of the six, CVE-2024-40711, is rated critical with a CVSS score of 9.8. It allows an unauthenticated remote attacker to execute code on the Veeam Backup & Replication server.

CISA confirmed active exploitation of CVE-2024-40711 by adding it to its Known Exploited Vulnerabilities (KEV) catalog, with a remediation due date of November 7, 2024 for federal agencies.

Veeam Backup & Replication is one of the industry-leading backup, recovery, and data security solutions for on-premises and cloud workloads. It is a software-defined, hardware-independent product that offers instant recovery, native backup immutability, and backup validation. Because a backup server stores credentials for the systems it protects and can restore (and thus overwrite) those systems, compromising it gives an attacker broad reach across the environment, which is why these flaws warrant prompt patching.

CVE-2024-40713

The vulnerability has a high severity rating with a CVSS score of 8.8. An attacker holding a low-privileged role within Veeam Backup & Replication can modify Multi-Factor Authentication (MFA) settings and thereby bypass MFA.

CVE-2024-40710

The vulnerability has a high severity rating with a CVSS score of 8.8. An attacker holding a low-privileged role within Veeam Backup & Replication can execute code as the service account and extract sensitive information, including saved credentials and passwords.

CVE-2024-39718

The vulnerability has a high severity rating with a CVSS score of 8.1. A low-privileged attacker can remotely delete files on the system with the permissions of the service account.

CVE-2024-40714

The vulnerability has a high severity rating with a CVSS score of 8.3. It is an improper TLS certificate validation flaw that allows an attacker positioned on the same network to intercept sensitive credentials during restore operations (a man-in-the-middle scenario).

CVE-2024-40712

The vulnerability has a high severity rating with a CVSS score of 7.8. This path traversal flaw allows an attacker with a low-privileged account and local access to the system to perform local privilege escalation (LPE).

Affected Versions

The vulnerabilities affect Veeam Backup & Replication 12.1.2.172 and all earlier version 12 builds.

Mitigation

Customers must upgrade to Veeam Backup & Replication 12.2 (build 12.2.0.334) or later to patch the vulnerabilities.

Please refer to the Veeam Security Advisory (KB4649) for more information.
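As an added example (not code from Veeam or Qualys), the Python script below applies the affected and fixed build thresholds above to a host inventory. The inventory and host names are constructed for illustration; the thresholds are the ones stated in this advisory. It compares builds numerically rather than as strings, treats any version 12 build below 12.2.0.334 as affected, and flags pre-12 installs as outside the scope of this advisory.

```python
# Added example: triage a host/version inventory against the KB4649 build thresholds.
# The inventory below is constructed for illustration; host names are hypothetical.

LAST_VULNERABLE_BUILD = (12, 1, 2, 172)  # 12.1.2.172 and all earlier v12 builds are affected
FIXED_BUILD = (12, 2, 0, 334)            # first build carrying the fix (12.2 build 12.2.0.334)


def parse_build(version: str) -> tuple:
    """Convert a dotted build string into a tuple of ints for numeric comparison.

    Comparing version strings lexically is a classic triage bug: as strings,
    '12.9.0.1' sorts above '12.10.0.1'; as tuples (12, 9, 0, 1) < (12, 10, 0, 1).
    Strings with fewer than four fields (e.g. '12.2') are zero-padded.
    """
    parts = version.strip().lstrip("vV").split(".")
    if not 1 <= len(parts) <= 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised build string: {version!r}")
    build = tuple(int(p) for p in parts)
    return build + (0,) * (4 - len(build))


def assess(version: str) -> str:
    """Classify one build as 'affected', 'patched' or 'pre-12'."""
    build = parse_build(version)
    if build[0] < 12:
        # The advisory as summarised here covers version 12 builds only; an
        # older (unsupported) install needs a separate check.
        return "pre-12"
    if build >= FIXED_BUILD:
        return "patched"
    # Everything below the fixed build is treated as affected. A truncated
    # inventory value such as '12.2' pads to 12.2.0.0 and therefore also lands
    # here, which is the safe outcome when the exact build cannot be confirmed.
    return "affected"


def triage(inventory: str) -> dict:
    """Map each 'host,version' line of the inventory to its status."""
    results = {}
    for line in inventory.strip().splitlines():
        host, _, version = line.partition(",")
        try:
            results[host.strip()] = assess(version)
        except ValueError as exc:
            results[host.strip()] = f"error: {exc}"
    return results


# Constructed sample inventory (hypothetical hosts), one 'host,version' per line.
SAMPLE_INVENTORY = """\
vbr-prod-01,12.1.2.172
vbr-prod-02,12.0.0.1420
vbr-dr-01,12.2.0.334
vbr-lab-01,11.0.1.1261
vbr-lab-02,12.2
vbr-lab-03,unknown
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status}")
```

Feed it the build strings you already collect (for example from your CMDB or from the file version of the Veeam service binary on each server); the point of the numeric comparison and the conservative handling of short strings is to avoid marking an unpatched server as clean.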

Qualys Detection

Qualys customers can scan their devices with QID 380432 to detect vulnerable assets.

Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.

References
https://www.veeam.com/kb4649
