Exploit for Veeam Recovery Orchestrator auth bypass available, patch now

June 13, 2024 at 01:25PM

A proof-of-concept exploit for the Veeam Recovery Orchestrator vulnerability tracked as CVE-2024-29855 has been released by security researcher Sina Kheirkha. The exploit allows unauthenticated access to the web UI with administrative privileges because the application used a hardcoded JWT secret. Veeam’s security bulletin recommends upgrading to the patched versions and lists the conditions required to exploit the flaw. Because the exploit is public, applying the available security updates is crucial.

The key takeaways from the article are:

1. A proof-of-concept exploit for a critical Veeam Recovery Orchestrator authentication bypass vulnerability tracked as CVE-2024-29855 has been released by security researcher Sina Kheirkha.
2. The vulnerability allows unauthenticated attackers to log in to the Veeam Recovery Orchestrator web UI with administrative privileges due to a hardcoded JSON Web Token (JWT) secret.
3. Veeam’s security bulletin recommends upgrading to the patched versions 7.1.0.230 and 7.0.0.379 to mitigate the vulnerability.
4. The exploitation script developed by Kheirkha can potentially bypass the preconditions mentioned in Veeam’s bulletin, making the vulnerability more serious in practice than the bulletin alone suggests.
5. Attackers are likely to leverage the exploit against unpatched systems, emphasizing the importance of applying security updates as soon as possible.
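As an added, defender-side example (not code from the article, from Veeam or from the researcher), the following Python script triages an inventory of installed Veeam Recovery Orchestrator versions against the two fixed builds named in the bulletin, 7.1.0.230 and 7.0.0.379. The four-part version string format, the sample host names and the assumption that later builds on a fixed branch are also fixed are all assumptions made here; how you collect the installed version from each host is outside the script.

```python
# Added example, not from the article or Veeam: decide whether an installed
# Veeam Recovery Orchestrator build is at or above the fixed versions named
# in Veeam's bulletin for CVE-2024-29855.
# Assumption: versions are "major.minor.build.revision" strings, and any
# build on a fixed branch that is >= the fixed build is also fixed.

FIXED_VERSIONS = {
    (7, 1): (7, 1, 0, 230),   # 7.1 branch: first fixed build per the bulletin
    (7, 0): (7, 0, 0, 379),   # 7.0 branch: first fixed build per the bulletin
}


def parse_version(text):
    """Turn '7.1.0.230' into (7, 1, 0, 230); reject malformed input."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected version format: {text!r}")
    return tuple(int(p) for p in parts)


def assess(version_text):
    """Return 'patched', 'vulnerable' or 'unknown-branch' for one install.

    Branches other than 7.0 and 7.1 are not covered by the bulletin summary
    above, so they are reported as unknown rather than guessed at.
    """
    version = parse_version(version_text)
    fixed = FIXED_VERSIONS.get(version[:2])
    if fixed is None:
        return "unknown-branch"
    return "patched" if version >= fixed else "vulnerable"


def triage(inventory):
    """Map each host to its status; inventory is {hostname: version string}."""
    return {host: assess(version) for host, version in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory for illustration only.
    sample = {
        "vro-01.example.test": "7.1.0.205",
        "vro-02.example.test": "7.1.0.230",
        "vro-03.example.test": "7.0.0.379",
        "vro-04.example.test": "7.0.0.360",
        "vro-05.example.test": "6.0.0.100",
    }
    for host, status in sorted(triage(sample).items()):
        print(f"{host}: {status}")
```

Hosts reported as vulnerable should be prioritised for the upgrade; hosts on an unknown branch need a manual check against the bulletin.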