Veeam warns of critical Backup Enterprise Manager auth bypass bug

May 21, 2024 at 06:27PM

Veeam has urged customers to address a critical security vulnerability in Veeam Backup Enterprise Manager (VBEM) that allows unauthenticated attackers to access any account. VBEM is not enabled by default; where it is deployed, it should be patched to mitigate this and other high-severity vulnerabilities. Veeam flaws have previously been exploited in ransomware attacks targeting IT infrastructure worldwide.

Key Points from the Meeting Notes:

– Veeam Backup Enterprise Manager (VBEM) has a critical security vulnerability (CVE-2024-29849) that allows unauthenticated attackers to log into the web interface as any user. It is fixed in VBEM version 12.1.2.172; where an immediate upgrade is not possible, stopping and disabling the affected VBEM services reduces exposure.

– Two additional high-severity VBEM vulnerabilities (CVE-2024-29850 and CVE-2024-29851) were also patched.

– A previously patched vulnerability (CVE-2023-27532) in Veeam’s Backup & Replication software was exploited in ransomware attacks attributed to the FIN7 threat group, impacting various organizations.

– In November, hotfixes were released for critical flaws in Veeam’s ONE IT infrastructure monitoring and analytics platform.

– Veeam’s products are widely used, with over 450,000 customers worldwide, including a significant presence among Global 2000 companies.

Overall, Veeam has been actively addressing security vulnerabilities in its products, with particular attention to flaws exploited in ransomware attacks and to maintaining the security of its large and diverse customer base.
