Veeam released a security advisory to address six vulnerabilities of varying severities. Successful exploitation of the vulnerabilities may allow remote attackers to execute arbitrary code, leading to possible system compromise.
One of the six vulnerabilities tracked as CVE-2024-40711 has a critical severity rating with a CVSS score of 9.8. The vulnerability may allow an attacker to perform remote code execution upon successful exploitation.
Veeam Backup & Replication is one of the industry-leading backup, recovery, and data security solutions for all workloads, both on-premises and in the cloud. The software provides secure, robust, and reliable data protection. With a software-defined, hardware-independent solution, the software can eliminate downtime with instant recovery, protect from cyber threats with native immutability, and use validated backups.
CVE-2024-40713
The vulnerability has a high severity rating with a CVSS score of 8.8. An attacker with a low-privileged role within Veeam Backup & Replication may exploit the vulnerability to alter Multi-Factor Authentication (MFA) settings and bypass MFA.
CVE-2024-40710
The vulnerability has a high severity rating with a CVSS score of 8.8. An attacker with a low-privileged role within Veeam Backup & Replication may exploit the vulnerability to execute code as the service account and extract sensitive information (saved credentials and passwords).
CVE-2024-39718
The vulnerability has a high severity rating with a CVSS score of 8.1. An attacker with low privilege may exploit the vulnerability to remotely remove files on the system with permissions equivalent to those of the service account.
CVE-2024-40714
The vulnerability has a high severity rating with a CVSS score of 8.3. The vulnerability exists in TLS certificate validation. The vulnerability may allow an attacker on the same network to intercept sensitive credentials during restore operations.
CVE-2024-40712
The vulnerability has a high severity rating with a CVSS score of 7.8. This path traversal vulnerability may allow an attacker with a low-privileged account and local access to the system to perform local privilege escalation (LPE).
Affected Versions
The vulnerability affects Veeam Backup & Replication 12.1.2.172 and all earlier version 12 builds.
Mitigation
Customers must upgrade to Veeam Backup & Replication 12.2 build 12.2.0.334 to patch the vulnerability.
Please refer to the Veeam Security Advisory (KB4649) for more information.
Qualys Detection
Qualys customers can scan their devices with QID 380432 to detect vulnerable assets.
Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.
References
https://www.veeam.com/kb4649
