Veeam Enterprise Backup Manager Flaw Allows Unauthorized Access
Veeam Backup & Replication is backup software for creating secure backups that enable clean recovery and data resilience.
The software replicates VM backups to a secondary location so that, if the primary site suffers a disaster, workloads can quickly fail over to a replica VM.
Veeam has published new security release information and an advisory for Veeam Backup & Replication 12.1.2.172, which fixes multiple vulnerabilities and includes several improvements.
The critical vulnerabilities addressed were CVE-2024-29849, CVE-2024-29850, CVE-2024-29851, CVE-2024-29852, and CVE-2024-29853.
According to the advisory, CVE-2024-29849 has the highest severity and is associated with unauthenticated and unauthorized access to Veeam Backup Enterprise Manager.
An unauthenticated threat actor can exploit this vulnerability to log in to the Veeam Backup Enterprise Manager web interface in the context of any user.
This vulnerability was rated 9.8 (Critical). It has been addressed in the 12.1 update line, in Veeam Backup & Replication version 12.1.2.172.
CVE-2024-29850 and CVE-2024-29851 are two high-severity vulnerabilities addressed by Veeam in this release; they are associated with account takeover via NTLM relay and with theft of a service account's NTLM hash.
These vulnerabilities were rated 8.8 (High) and 7.2 (High). Another high-severity vulnerability, CVE-2024-29853, was addressed in Veeam Agent for Windows (VAW) and is associated with local privilege escalation; it was rated 7.8 (High).
Mitigation Steps
Veeam users who cannot upgrade Veeam Backup Enterprise Manager to 12.1.2.172 immediately can apply the following steps as a workaround.
It is advised to disable the following services:
VeeamEnterpriseManagerSvc (Veeam Backup Enterprise Manager)
VeeamRESTSvc (Veeam RESTful API Service)
The Veeam Backup Server RESTful API Service, however, should not be stopped.
If Veeam Backup Enterprise Manager is installed on a dedicated server, it can be upgraded to version 12.1.2.172 without immediately upgrading Veeam Backup & Replication.
Additionally, if Veeam Backup Enterprise Manager is not in use, it can be uninstalled.
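The interim workaround above, as an added PowerShell example that is not part of the advisory or of Veeam's own tooling: it stops and disables only the two services the advisory names, leaves the Veeam Backup Server RESTful API Service untouched, and first reads the file version of each service binary so that an already-patched host is not needlessly disabled. It assumes it runs elevated on the Enterprise Manager server and that the service binaries carry the 12.1.2.172 build number in their file version (an assumption; treat a version that cannot be read as "not patched" and let the workaround apply).

```powershell
#Requires -RunAsAdministrator
# Added example (not Veeam's code): apply the advisory's interim workaround for
# Veeam Backup Enterprise Manager hosts that cannot yet be upgraded to 12.1.2.172.

$FixedVersion = [version]'12.1.2.172'

# Only the two services named in the advisory. The Veeam Backup Server RESTful
# API Service is deliberately absent from this list and is left running.
$ServicesToDisable = @(
    'VeeamEnterpriseManagerSvc',   # Veeam Backup Enterprise Manager
    'VeeamRESTSvc'                 # Veeam RESTful API Service
)

function Get-ServiceBinaryVersion {
    # Returns the file version of a service's executable, or $null if unknown.
    param([Parameter(Mandatory)][string]$Name)
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$Name'" -ErrorAction SilentlyContinue
    if (-not $svc) { return $null }
    # PathName may be quoted and may carry arguments; keep only the executable path.
    $exe = if ($svc.PathName -match '^"([^"]+)"') { $Matches[1] } else { ($svc.PathName -split ' ')[0] }
    if (-not (Test-Path -LiteralPath $exe)) { return $null }
    try {
        return [version](Get-Item -LiteralPath $exe).VersionInfo.FileVersion
    } catch {
        return $null   # non-numeric version string; treat as unknown
    }
}

foreach ($name in $ServicesToDisable) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $svc) {
        Write-Output "$name is not installed on this host; skipping."
        continue
    }

    $ver = Get-ServiceBinaryVersion -Name $name
    if ($ver -and $ver -ge $FixedVersion) {
        # Assumption: binary file version tracks the Enterprise Manager build.
        Write-Output "$name binary is $ver (>= $FixedVersion); workaround not required."
        continue
    }

    if ($svc.Status -ne 'Stopped') {
        Stop-Service -Name $name -Force
    }
    Set-Service -Name $name -StartupType Disabled
    Write-Output "$name stopped and set to Disabled (binary version: $(if ($ver) { $ver } else { 'unknown' }))."
}

# Verification: both services should now show Stopped / Disabled.
Get-Service -Name $ServicesToDisable -ErrorAction SilentlyContinue |
    Select-Object Name, Status, StartType |
    Format-Table -AutoSize
```

Setting the startup type to Disabled (rather than only stopping the services) matters because a reboot or a dependent service would otherwise bring the vulnerable web interface back; once the host is upgraded to 12.1.2.172 the startup type should be restored.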
Enhancements And Improvements
Apart from these security fixes, the release adds features and enhancements across several areas, including:
Platform Support
General
Malware Detection
Enterprise Applications
Object Storage
Primary Storage
Secondary Storage
Security & Compliance Analyzer
Veeam Agents.
Multiple issues were also resolved in the following areas:
VMware vSphere
Microsoft Hyper-V
General
Agent Management
Unstructured Data Backup
Backup copy
SureBackup
Tape
Veeam Cloud Connect
Self-Service Backup Portal
Scale-out Backup Repository
Object storage
Primary storage
Users of Veeam Backup & Replication are recommended to upgrade to the latest version, 12.1.2.172, to receive these feature improvements and to prevent the vulnerabilities from being exploited by threat actors.