
WARNING: AUTHENTICATION BYPASS IN VEEAM BACKUP ENTERPRISE MANAGER, PATCH IMMEDIATELY!

Reference: Advisory #2024-71
Version: 1.1
Affected software: Veeam Backup & Replication | 5.0 | 6.1 | 6.5 | 7.0 | 8.0 | 9.0 | 9.5 | 10 | 11 | 12 | 12.1
Type: Authentication bypass
CVE/CVSS: CVE-2024-29849: CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Sources

Veeam: https://www.veeam.com/kb4581

Risks

A vulnerability in Veeam Backup Enterprise Manager allows an unauthenticated attacker to log in to the Veeam Backup Enterprise Manager web interface as any user.

Veeam Backup Enterprise Manager is an optional installation; this vulnerability applies to Veeam Backup Enterprise Manager specifically.

A proof-of-concept exploit has been observed on the internet, which makes exploiting this vulnerability considerably easier for attackers.

Description

By gaining access to Veeam Backup Enterprise Manager with an administrator account, attackers obtain high-level access to the server.

This vulnerability could be targeted by ransomware actors to gain control over enterprise backups, making restoration from backups impossible, or to perform lateral movement into your environment.

Recommended Actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.

This vulnerability was patched in Veeam Backup Enterprise Manager 12.1.2.172.

If updating is not possible, Veeam details workarounds to mitigate this vulnerability on its advisory page.

Monitor/Detect

The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References

The Hacker News: https://thehackernews.com/2024/05/critical-veeam-backup-enterprise.html

Tenable: https://www.tenable.com/cve/CVE-2024-29849