Veeam Enterprise Backup Manager Flaw Allows Unauthorized Access

In Cybersecurity News - Original News Source is cybersecuritynews.com by Blog Writer

Post Sharing

Veeam Backup And Replication is backup software for creating secure backups that enable clean recovery and data resilience.

The software replicates VM backups to a secondary location, which will quickly recover from a failover to a replica VM during a potential disaster on the primary site.

Veeam has released a new security release information and advisory for Veeam Backup and Replication 12.1.2.172, which fixes multiple vulnerabilities and makes some improvements.

The critical vulnerabilities addressed were CVE-2024-29849, CVE-2024-29850, CVE-2024-29851, CVE-2024-29852, and CVE-2024-29853.

According to the advisory, CVE-2024-29849 has the highest severity associated with Unauthenticated and unauthorized access to Veeam Backup Enterprise Manager. 

An unauthenticated threat actor can exploit this vulnerability and log in to the Veeam Enterprise Manager web interface under the context of any user.

Free Webinar on Live API Attack Simulation: Book Your Seat | Start protecting your APIs from hackers

The severity for this vulnerability was given as 9.8 (Critical). However, this vulnerability has been addressed on the 12.1 updates for Veeam Backup & Replication 12.1.2.172 version. 

CVE-2024-29850 and CVE-2024-29851 were two high severity vulnerabilities addressed by Veeam on this release which were associated with Account takeover via NTLM relay and stealing of NTLM hash of a service account.

The severity for these vulnerabilities were 8.8 (High) and 7.2 (High). Another High severity vulnerability that was addressed on Veeam Agent for Windows (VAW) was CVE-2024-29853 which was associated with Local Privilege Escalation. The severity for this vulnerability was 7.8 (High).

Mitigation Steps

If users of Veeam are not able to upgrade their Veeam Backup Enterprise Manager to 12.1.2.172 immediately, they can follow the below steps as a workaround. 

  • It is advised to disable the following services.
  • VeeamEnterpriseManagerSvc (Veeam Backup Enterprise Manager)
  • VeeamRESTSvc (Veeam RESTful API Service)

However, it is advised not to stop the Veeam Backup Server RESTful API Service

  • If the Veeam Backup Enterprise Manager software is installed on a dedicated server, it can be upgraded to version 12.1.2.172 without immediately upgrading the Veeam Backup & Replication.
  • Additionally, if the Veeam Backup Enterprise Manager is not in use, it can be uninstalled.

Enhancements And Improvements

Apart from these bug fixes, there were several features and enhancements on the platform on multiple sections such as 

  • Platform Support
  • General
  • Malware Detection
  • Enterprise Applications
  • Object Storage
  • Primary Storage
  • Secondary Storage
  • Security & Compliance Analyzer
  • Veeam Agents.

These were multiple issues resolved in

  • VMware vSphere
  • Microsoft Hyper-V
  • General
  • Agent Management
  • Unstructured Data Backup
  • Backup copy
  • SureBackup
  • Tape
  • Veeam Cloud Connect
  • Self-Service Backup Portal
  • Scale-out Backup Repository
  • Object storage and 
  • Primary storage.

Users of Veeam Backup & Replication are recommended to upgrade to the latest version 12.1.2.172 for improving and enhancing the features and fixing these vulnerabilities from getting exploited by threat actors.

ANYRUN malware sandbox’s 8th Birthday Special Offer: Grab 6 Months of Free Service

The post Veeam Enterprise Backup Manager Flaw Allows Unauthorized Access appeared first on Cyber Security News.