Vulnerabilities

Veeam Agent for Windows CVE-2024-29853

Written by Critical Insight | May 29, 2024 6:46:00 PM

 This advisory is for organizations that use Veeam Agent for Microsoft.  If your organization does not use this platform, this notification may be discarded.

Summary

Veeam has issued patches to address an authentication bypass flaw in the Veeam Agent for Microsoft Windows which could allow an attacker to conduct local privilege escalation.  Tracking this vulnerability and pushing out patches may be a concern for organizations with a large number of deployments.

CVE-2024-29853 - Veeam Agent for Microsoft Windows Vulnerability

                CVSSv3.1: 7.2

Affected Platforms

Veeam Agent for Microsoft Windows | 2.0 | 3.0.2 | 4.0 | 5.0 | 6.0 | 6.1

This vulnerability is patched in Veeam Agent for Microsoft Windows 6.1.2 (build 6.1.2.134) 

Additional Resources

https://www.veeam.com/kb4582