Share this
by Critical Insight on May 28, 2024
This advisory is for organizations that use Veeam Backup Enterprise Manager. If your organization does not use this platform, this notification may be discarded.
Summary
Last week, Veeam issued patches to address a critical security flaw found in the Veeam Backup Enterprise Manager.
|
Veeam Backup Enterprise Manager |
CVE-2024-29849 |
9.8 |
This vulnerability in Veeam Backup Enterprise Manager allows an unauthenticated attacker to log in to the Veeam Backup Enterprise Manager web interface as any user. |
|
Veeam Backup Enterprise Manager |
CVE-2024-29850 |
8.8 |
This Vulnerability in Veeam Backup Enterprise Manager allows account takeover via NTLM relay. |
|
Veeam Backup Enterprise Manager |
CVE-2024-29851 |
7.2 |
This vulnerability in Veeam Backup Enterprise Manager allows a high-privileged user to steal the NTLM hash of the Veeam Backup Enterprise Manager service account if that service account is anything other than the default Local System account. |
|
Veeam Backup Enterprise Manager |
CVE-2024-29852 |
2.7 |
This vulnerability in Veeam Backup Enterprise Manager allows high-privileged users to read backup session logs. |
Affected Platforms
Veeam Backup & Replication | 5.0 | 6.1 | 6.5 | 7.0 | 8.0 | 9.0 | 9.5 | 10 | 11 | 12 | 12.1
Veeam notes that deploying VBEM is optional. Users may verify if it is installed in the environment by running a powershell command on the Veeam Backup Server to see if VBR reports that it is being managed by a VBEM deployment:
(Note: Outlook may block powershell scripts so the code is included as a picture.)
All vulnerabilities documented in this article were fixed in Veeam Backup Enterprise Manager 12.1.2.172, which is packaged with: https://www.veeam.com/kb4510
Additional Resources
https://thehackernews.com/2024/05/critical-veeam-backup-enterprise.html