Vulnerabilities

Veeam Backup Enterprise Manager CVE-2024-29849 thru 29852

Written by Critical Insight | May 28, 2024 6:49:00 PM

This advisory is for organizations that use Veeam Backup Enterprise Manager.  If your organization does not use this platform, this notification may be discarded. 

Summary

Last week, Veeam issued patches to address a critical security flaw found in the Veeam Backup Enterprise Manager.

Veeam Backup Enterprise Manager

CVE-2024-29849

9.8

This vulnerability in Veeam Backup Enterprise Manager allows an unauthenticated attacker to log in to the Veeam Backup Enterprise Manager web interface as any user. 

Veeam Backup Enterprise Manager

CVE-2024-29850

8.8

This Vulnerability in Veeam Backup Enterprise Manager allows account takeover via NTLM relay.

Veeam Backup Enterprise Manager

CVE-2024-29851

7.2

This vulnerability in Veeam Backup Enterprise Manager allows a high-privileged user to steal the NTLM hash of the Veeam Backup Enterprise Manager service account if that service account is anything other than the default Local System account.

Veeam Backup Enterprise Manager

CVE-2024-29852

2.7

This vulnerability in Veeam Backup Enterprise Manager allows high-privileged users to read backup session logs.

  

Affected Platforms

Veeam Backup & Replication | 5.0 | 6.1 | 6.5 | 7.0 | 8.0 | 9.0 | 9.5 | 10 | 11 | 12 | 12.1

Veeam notes that deploying VBEM is optional.  Users may verify if it is installed in the environment by running a powershell command on the Veeam Backup Server to see if VBR reports that it is being managed by a VBEM deployment:

(Note: Outlook may block powershell scripts so the code is included as a picture.)

All vulnerabilities documented in this article were fixed in Veeam Backup Enterprise Manager 12.1.2.172, which is packaged with: https://www.veeam.com/kb4510

 

Additional Resources

https://www.veeam.com/kb4581

https://thehackernews.com/2024/05/critical-veeam-backup-enterprise.html