Wednesday, November 20, 2024
Follow us On Linkedin
HomeCVE/vulnerabilityVeeam Backup & Replication Vulnerabilities Let Attackers Execute Remote Code

Veeam Backup & Replication Vulnerabilities Let Attackers Execute Remote Code

CVE/vulnerabilitycyber securityCyber Security NewsVulnerability

Published on

By Divya
Veeam Backup & Replication Vulnerabilities Let Attackers Execute Remote Code

Multiple critical vulnerabilities have been identified in Veeam Backup & Replication, a widely-used data protection and disaster recovery solution.

These vulnerabilities, discovered during internal testing, pose serious risks, including remote code execution (RCE), privilege escalation, and data interception.

The issues affect Veeam Backup & Replication version 12.1.2.172 and all earlier builds, with unsupported versions likely also at risk.

- Advertisement - SIEM as a Service

Overview of Discovered Vulnerabilities

Veeam Backup & Replication

  1. CVE-2024-40711
    • Description: Allows unauthenticated remote code execution.
    • Severity: Critical
    • CVSS v3.1 Score: 9.8
    • Discovery: Reported via HackerOne.
  2. CVE-2024-40713
    • Description: Enables low-privileged users to alter Multi-Factor Authentication (MFA) settings, bypassing MFA.
    • Severity: High
    • CVSS v3.1 Score: 8.8
  3. CVE-2024-40710
    • Description: Series of vulnerabilities allowing RCE to be the service account and extract sensitive information.
    • Severity: High
    • CVSS v3.1 Score: 8.8
  4. CVE-2024-39718
    • Description: Allows low-privileged users to remove files remotely with service account permissions.
    • Severity: High
    • CVSS v3.1 Score: 8.1
  5. CVE-2024-40714
    • Description: A TLS certificate validation flaw permits credentials interception during restore operations.
    • Severity: High
    • CVSS v3.1 Score: 8.3
  6. CVE-2024-40712
    • Description: Path traversal vulnerability enabling local privilege escalation.
    • Severity: High
    • CVSS v3.1 Score: 7.8

Are You From SOC/DFIR Teams? - Try Advanced Malware and Phishing Analysis With ANY.RUN - 14 day free trial

Veeam Agent for Linux

  • CVE-2024-40709
    • Description: Allows local low-privileged users to escalate privileges to the root level.
    • Severity: High
    • CVSS v3.1 Score: 7.8
    • Discovery: Reported via HackerOne.

Veeam ONE

  1. CVE-2024-42024
    • Description: Enables RCE with Veeam ONE Agent service account credentials.
    • Severity: Critical
    • CVSS v3.1 Score: 9.1
    • Discovery: Reported via HackerOne.
  2. CVE-2024-42019
    • Description: Allows access to NTLM hash of Veeam Reporter Service account.
    • Severity: Critical
    • CVSS v3.1 Score: 9.0
  3. CVE-2024-42023
    • Description: Permits low-privileged users to execute code with Administrator privileges.
    • Severity: High
    • CVSS v3.1 Score: 8.8
  4. CVE-2024-42021
    • Description: Allows access to saved credentials with valid access tokens.
    • Severity: High
    • CVSS v3.1 Score: 7.5
  5. CVE-2024-42022
    • Description: Enables modification of product configuration files.
    • Severity: High
    • CVSS v3.1 Score: 7.5
  6. CVE-2024-42020
    • Description: HTML injection vulnerability in Reporter Widgets.
    • Severity: High
    • CVSS v3.1 Score: 7.3

Veeam Service Provider Console

  1. CVE-2024-38650
    • Description: Allows access to NTLM hash of service account.
    • Severity: Critical
    • CVSS v3.1 Score: 9.9
    • Discovery: Reported via HackerOne.
  2. CVE-2024-39714
    • Description: Permits arbitrary file uploads leading to RCE.
    • Severity: Critical
    • CVSS v3.1 Score: 9.9
  3. CVE-2024-39715
    • Description: Enables RCE via REST API file uploads.
    • Severity: High
    • CVSS v3.1 Score: 8.5
  4. CVE-2024-38651
    • Description: Allows file overwriting leading to RCE.
    • Severity: High
    • CVSS v3.1 Score: 8.5

Veeam Backup for Nutanix AHV and Oracle Linux Virtualization Manager

  • CVE-2024-40718
    • Description: Enables local privilege escalation via SSRF vulnerability.
    • Severity: High
    • CVSS v3.1 Score: 8.8

Mitigation and Recommendations

Veeam has addressed these vulnerabilities in the latest software updates. Users are strongly advised to upgrade to Veeam Backup & Replication 12.2 (build 12.2.0.334), Veeam Agent for Linux 6.2 (build 6.2.0.101), Veeam ONE v12.2 (build 12.2.0.4093), and Veeam Service Provider Console v8.1 (build 8.1.0.21377) to mitigate these risks.

Regularly updating software and applying security patches is crucial to safeguard against potential exploits.

For organizations relying on Veeam products, it is imperative to review security settings, enhance monitoring of suspicious activities, and ensure that all systems are updated to the latest versions to protect against these vulnerabilities.

What Does MITRE ATT&CK Expose About Your Enterprise Security? - Watch Free Webinar!

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Cyber Security News

Microsoft Ignite New 360-Degree Details Attackers Tools & Methods

A significant leap forward in cybersecurity was announced with the introduction of new threat...
CVE/vulnerability

Trend Micro Deep Security Vulnerable to Command Injection Attacks

Trend Micro has released a critical update addressing a remote code execution (RCE) vulnerability...
CVE/vulnerability

CISA Warns Kemp LoadMaster OS Command Injection Vulnerability Exploited in Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent security advisory warning organizations...
Cyber Security News

Phobos Ransomware Admin as Part of International Hacking Operation

The U.S. Department of Justice unsealed criminal charges today against Evgenii Ptitsyn, a 42-year-old Russian...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

Register Now

More like this

Cyber Security News

Microsoft Ignite New 360-Degree Details Attackers Tools & Methods

A significant leap forward in cybersecurity was announced with the introduction of new threat...
CVE/vulnerability

Trend Micro Deep Security Vulnerable to Command Injection Attacks

Trend Micro has released a critical update addressing a remote code execution (RCE) vulnerability...
CVE/vulnerability

CISA Warns Kemp LoadMaster OS Command Injection Vulnerability Exploited in Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent security advisory warning organizations...

GBHackers on Security is a top cybersecurity news platform, delivering up-to-date coverage on breaches, emerging threats, malware, vulnerabilities, and global cyber incidents.

Company

Trending

Categories

Copyright @ 20016 - 2024 GBHackers On Security - All Rights Reserved