This advisory is for organizations that use Veeam Agent for Microsoft. If your organization does not use this platform, this notification may be discarded.
Summary
Veeam has issued patches to address an authentication bypass flaw in the Veeam Agent for Microsoft Windows which could allow an attacker to conduct local privilege escalation. Tracking this vulnerability and pushing out patches may be a concern for organizations with a large number of deployments.
CVE-2024-29853 - Veeam Agent for Microsoft Windows Vulnerability
CVSSv3.1: 7.2
Affected Platforms
Veeam Agent for Microsoft Windows | 2.0 | 3.0.2 | 4.0 | 5.0 | 6.0 | 6.1
This vulnerability is patched in Veeam Agent for Microsoft Windows 6.1.2 (build 6.1.2.134)
Additional Resources