Critical Veeam Vulnerability Leads to Authentication Bypass

May 22, 2024 at 09:03AM

Veeam released a Backup & Replication update addressing four vulnerabilities, including a critical Backup Enterprise Manager bug that allows unauthenticated access. The update also resolves high-severity issues related to NTLM relay attacks and NTLM hash theft. Users are advised to update their installations because threat actors are known to target Veeam vulnerabilities.

Key takeaways from the advisory:
1. Veeam released an update for Backup & Replication addressing four vulnerabilities, including a critical-severity bug in Backup Enterprise Manager.
2. The critical flaw allows an unauthenticated attacker to log in to the Backup Enterprise Manager web interface as any user and has a CVSS score of 9.8 (CVE-2024-29849).
3. The security defect impacts Backup & Replication product versions 5.0 to 12.1 and was fixed with the release of Backup Enterprise Manager version 12.1.2.172.
4. The update also resolves two high-severity issues, one allowing attackers to take over accounts via NTLM relay attacks (CVE-2024-29850) and one allowing theft of the NTLM hash of the Veeam Backup Enterprise Manager service account (CVE-2024-29851), as well as a low-severity Backup Enterprise Manager flaw that lets high-privileged users read backup session logs.
5. Veeam recommends installing the update immediately, or stopping Backup Enterprise Manager if upgrading is not possible.
6. The update also includes fixes for a high-severity bug (CVE-2024-29853) in Veeam Agent for Windows (VAW) that could be exploited by a local attacker to elevate their privileges.
7. Users are advised to update their installations as soon as possible due to known threats targeting Veeam vulnerabilities.
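A small triage helper for the version range stated above, added here as an example and not taken from the advisory or from Veeam: it classifies an installed Backup Enterprise Manager version against the fixed release 12.1.2.172 and the affected range starting at 5.0. It assumes the operator supplies the installed version string (for instance from an asset inventory); the sample versions in the `__main__` block are constructed.

```python
# Triage helper for the Backup Enterprise Manager advisory summarised above.
# Assumption (not from the advisory): the version string is supplied by the operator.
from typing import Tuple

FIXED_VERSION = "12.1.2.172"   # from the page: release that fixes CVE-2024-29849
AFFECTED_FROM = "5.0"          # from the page: affected range starts at 5.0


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '12.1.2.172' into (12, 1, 2, 172); reject anything non-numeric."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def _pad(v: Tuple[int, ...], width: int) -> Tuple[int, ...]:
    # Pad with zeros so '12.1' compares equal to '12.1.0.0' rather than shorter-is-less.
    return v + (0,) * (width - len(v))


def compare(a: str, b: str) -> int:
    """Return -1, 0 or 1 as version a is older than, equal to or newer than b."""
    va, vb = parse_version(a), parse_version(b)
    width = max(len(va), len(vb))
    va, vb = _pad(va, width), _pad(vb, width)
    return (va > vb) - (va < vb)


def assess(installed: str) -> str:
    """Classify an installed build against the advisory.

    'fixed'      : at or above 12.1.2.172
    'vulnerable' : within the affected range 5.0 <= version < 12.1.2.172
    'unknown'    : older than 5.0, which the advisory summary does not cover
    """
    if compare(installed, FIXED_VERSION) >= 0:
        return "fixed"
    if compare(installed, AFFECTED_FROM) >= 0:
        return "vulnerable"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample inventory (hostnames and versions are made up).
    for host, ver in [("bem-01", "12.1.0.1"), ("bem-02", "12.1.2.172"),
                      ("bem-03", "11.0.1.1"), ("bem-04", "4.9.9")]:
        print(f"{host}: {ver} -> {assess(ver)}")
```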
