In a significant move to safeguard enterprise data, Veeam has patched a critical vulnerability in its Backup Enterprise Manager (VBEM) web console. The bug, tracked as CVE-2024-29849 with a CVSS score of 9.8, allowed unauthenticated attackers to log in to the web console as any user.
The latest update of Veeam Backup & Replication, released on Tuesday, fixes four vulnerabilities, two of which are rated high severity. Veeam strongly advises customers to upgrade to version 12.1.2.172 to mitigate these risks.
VBEM, an optional component that is not installed by default, provides remote management of multiple backup instances through a web console. The most severe bug could let attackers reach this interface without authentication. Where updating is not immediately feasible, Veeam recommends disabling the VBEM services (VeeamEnterpriseManagerSvc and VeeamRESTSvc) as an interim protection. Note that the Veeam Backup Server RESTful API Service should be left running.
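The interim mitigation above, applied and verified from an elevated PowerShell session on the VBEM host; this is an added example, not code from Veeam or from the article. It assumes the two service names given above and locates the RESTful API service by its display name, since its short service name is not stated here.

```powershell
# Added example: interim mitigation for CVE-2024-29849 when VBEM cannot be
# upgraded to 12.1.2.172 yet, plus a verification step.
# Assumptions: elevated session on the VBEM host; service names as in the
# advisory summary; the backup server REST API service is matched by display
# name because its short service name is not given.
#Requires -RunAsAdministrator

$vbemServices = @('VeeamEnterpriseManagerSvc', 'VeeamRESTSvc')
$keepRunningDisplayName = 'Veeam Backup Server RESTful API Service'

foreach ($name in $vbemServices) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $svc) {
        Write-Host "$name not present (VBEM may not be installed on this host)"
        continue
    }
    # Stop the service now and prevent it from starting again after a reboot.
    if ($svc.Status -ne 'Stopped') { Stop-Service -Name $name -Force }
    Set-Service -Name $name -StartupType Disabled
}

# Verification: VBEM services stopped and disabled, backup server REST API
# service untouched.
$report = foreach ($name in $vbemServices) {
    Get-CimInstance Win32_Service -Filter "Name='$name'" |
        Select-Object Name, State, StartMode
}
$restApi = Get-Service | Where-Object { $_.DisplayName -eq $keepRunningDisplayName }

$report | Format-Table -AutoSize
if ($restApi) {
    Write-Host ("{0}: {1} (should stay Running)" -f $restApi.DisplayName, $restApi.Status)
} else {
    Write-Host "Backup Server RESTful API Service not found on this host"
}

# Re-run the verification after maintenance windows until the upgrade is
# installed: re-enabling VeeamEnterpriseManagerSvc reopens the web interface.
```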
For those using older versions of Backup & Replication, the updated VBEM is backward compatible, simplifying the patching process.
Other significant vulnerabilities patched in the same release include CVE-2024-29850 (CVSS score 8.8), which could lead to account takeover via NTLM relay, and CVE-2024-29851 (CVSS score 7.2), which lets a high-privileged user steal an NTLM hash when the service account is not the default one.
Veeam’s prompt patching matters because its software has previously been targeted by ransomware groups such as FIN7, which exploited earlier vulnerabilities for malicious purposes. Previous flaws, such as CVE-2023-27532 and CVE-2022-26500/26501, showed how unpatched installations can lead to credential theft and system takeover.
Veeam’s latest patch is a critical update for all users to ensure the security and integrity of their backup environments. Customers should take immediate action to keep their systems protected against potential threats.