Veeam Addresses Critical Backup Enterprise Manager Security Flaw



Veeam has issued an urgent advisory asking customers to update after a critical vulnerability was found in Veeam Backup Enterprise Manager (VBEM). The flaw allows an attacker with no prior authentication to log in to the VBEM web interface as any user. VBEM is a centralized web console for managing multiple Veeam Backup & Replication installations.

The console is used to oversee backup jobs and drive recovery operations across an organization's backup estate. Because VBEM is an optional component that is not installed or enabled by default, not every Veeam deployment is exposed. Learn more about it below!

Details of the Vulnerability

The vulnerability, tracked as CVE-2024-29849, is rated critical with a CVSS score of 9.8 out of 10. Veeam explains: “This vulnerability in Veeam Backup Enterprise Manager allows an unauthenticated attacker to log in to the Veeam Backup Enterprise Manager web interface as any user.”

Administrators are advised to upgrade immediately to VBEM version 12.1.2.172, which fixes this bug. If you cannot upgrade yet, Veeam lists two interim mitigations; both take the VBEM web interface and its REST API offline until the upgrade is applied, but they do not affect the underlying Backup & Replication servers:

  • Stop and deactivate the VeeamEnterpriseManagerSvc (Veeam Backup Enterprise Manager) and VeeamRESTSvc (Veeam RESTful API) services.
  • Uninstall the Veeam Backup Enterprise Manager altogether to eliminate the attack vector for this vulnerability.
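The following PowerShell script is an added example, not code from Veeam or from the article. It runs on the VBEM server as a local administrator, reads the installed build from the service executable's file version (an assumption: the advisory does not specify how to read the build, and the registry is not used here), and applies the first interim mitigation only when the installed build is older than the fixed one. The service names are the two given in the advisory.

```powershell
# Added example (not Veeam's or the article's code): if the installed VBEM build is
# older than the fixed build 12.1.2.172, stop and disable the two services named in
# the advisory as an interim mitigation until the upgrade can be applied.
# Assumptions: run as a local administrator on the VBEM host; the build is taken
# from the file version of the VeeamEnterpriseManagerSvc executable.

$fixedBuild = [version]'12.1.2.172'
$services   = @('VeeamEnterpriseManagerSvc', 'VeeamRESTSvc')

# Locate the Enterprise Manager service and its executable.
$svc = Get-CimInstance Win32_Service -Filter "Name='VeeamEnterpriseManagerSvc'"
if (-not $svc) {
    Write-Host 'VeeamEnterpriseManagerSvc is not present on this host; nothing to do.'
    return
}

# Service PathName may be quoted and may carry arguments; keep only the .exe path.
if ($svc.PathName -notmatch '^"?([^"]+\.exe)') {
    throw "Could not parse the service path: $($svc.PathName)"
}
$exePath   = $Matches[1]
$installed = [version](Get-Item -LiteralPath $exePath).VersionInfo.FileVersion

if ($installed -ge $fixedBuild) {
    Write-Host "VBEM build $installed already includes the fix for CVE-2024-29849."
    return
}

Write-Warning "VBEM build $installed is vulnerable; disabling VBEM services until it is upgraded to $fixedBuild."

foreach ($name in $services) {
    $s = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $s) { continue }
    if ($s.Status -ne 'Stopped') { Stop-Service -Name $name -Force }
    # Disabled, not Manual: a reboot or an operator must not bring the service back by accident.
    Set-Service -Name $name -StartupType Disabled
}

# Confirm the end state: both services stopped and disabled.
Get-Service -Name $services -ErrorAction SilentlyContinue |
    Select-Object Name, Status, StartType
```

After the upgrade to 12.1.2.172 the two services must be set back to their original startup type (Automatic) and started again, otherwise the VBEM console stays unavailable.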

Veeam has also resolved two other high-severity vulnerabilities in VBEM in the same release: one that could lead to account takeover through NTLM relay attacks, and one that lets a high-privileged user capture the NTLM hash of the Veeam Backup Enterprise Manager service account, provided that account is not the default Local System account.

[Figure: Vulnerabilities patched in VBEM version 12.1.2.172 (Source: Veeam)]

Previous Exploits and Patches

Veeam’s products have been targeted before. A significant flaw in Backup & Replication, patched in March 2023, was exploited by attackers linked to the FIN7 group, which is known for its connections to ransomware operations such as Conti and REvil.

Affiliates of the Cuba ransomware operation later used the same vulnerability in targeted attacks against critical infrastructure in the US and IT firms in Latin America. Later in 2023, Veeam also released fixes for a pair of critical vulnerabilities in its Veeam ONE IT infrastructure monitoring platform that could allow remote code execution and data theft.


Author: Anas Hasan

Date: May 22, 2024

Anas Hassan is a tech geek and cybersecurity enthusiast with extensive experience in the digital transformation industry. When Anas isn’t blogging, he watches football.
