Veeam Vulns Allow Attackers Absolute Access


Four new vulnerabilities in the Veeam Backup Enterprise Manager software, with CVSS scores ranging from 2.7 to 9.8 (out of 10), have recently been announced and patched. The most serious of these, tracked as CVE-2024-29849 (CVSS score: 9.8), allows unauthenticated attackers to log in to the Veeam Backup Enterprise Manager web interface as any user. The other vulnerabilities are as follows:

CVE-2024-29850 (CVSS score: 8.8) – Allows account takeover via NTLM relay.
CVE-2024-29851 (CVSS score: 7.2) – Allows a high-privileged user to steal the NTLM hash of the Veeam Backup Enterprise Manager service accounts.
CVE-2024-29852 (CVSS score: 2.7) – Allows a privileged user to read backup session logs.

There is a new release of Enterprise Manager (12.1.2.172) that addresses all four of these vulnerabilities. Veeam also notes that these vulnerabilities can be mitigated in the interim by halting the Veeam Backup Enterprise Manager software.
To do this, stop and disable the following services:
VeeamEnterpriseManagerSvc (Veeam Backup Enterprise Manager)
VeeamRESTSvc (Veeam RESTful API Service)

NOTE: Do not stop the Veeam Backup Server RESTful API Service.
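The interim mitigation above, as an added example rather than a script from the Veeam advisory: an elevated PowerShell session on the Enterprise Manager host stops the two named services, disables them so they do not return after a reboot, and prints the resulting state for verification. The two service names come from the advisory; the assumption is that the script runs with local administrator rights on the Enterprise Manager host only, not on the backup server.

```powershell
# Added example (not from the Veeam advisory): stop and disable the two
# Enterprise Manager services the advisory names as an interim mitigation,
# then verify the result. Run from an elevated PowerShell session on the
# Enterprise Manager host. Assumes local administrator rights.
$servicesToDisable = @(
    'VeeamEnterpriseManagerSvc',   # Veeam Backup Enterprise Manager
    'VeeamRESTSvc'                 # Veeam RESTful API Service
)

foreach ($name in $servicesToDisable) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $svc) {
        Write-Warning "Service '$name' not found on this host; skipping."
        continue
    }
    if ($svc.Status -ne 'Stopped') {
        Stop-Service -Name $name -Force
    }
    # Keep the service down across reboots until 12.1.2.172 is installed.
    Set-Service -Name $name -StartupType Disabled
}

# Verify: both services should now report Status = Stopped, StartType = Disabled.
Get-Service -Name $servicesToDisable -ErrorAction SilentlyContinue |
    Select-Object Name, Status, StartType |
    Format-Table -AutoSize

# The Veeam Backup Server's own RESTful API service (a separate service on
# the backup server) is deliberately not touched by this script, per the
# advisory's note.
```

After updating to 12.1.2.172, reverse the change with `Set-Service -StartupType Automatic` and `Start-Service` for the same two names; the verification step at the end confirms the state either way.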

If your organization’s instance of Enterprise Manager is currently reachable from the public internet, it is recommended that external access be removed until the software can be updated.


For more information, please see the original advisory issued by Veeam: https://www.veeam.com/kb4581
