Users of Veeam Backup Enterprise Manager are being urged to update to the latest version following the discovery of a critical security flaw that could allow an adversary to bypass authentication protections.
Tracked as CVE-2024-29849 (CVSS score: 9.8), the vulnerability could permit an unauthenticated attacker to log in to the Veeam Backup Enterprise Manager web interface as any user.
The company has also disclosed three other shortcomings impacting the same product:
- CVE-2024-29850 (CVSS score: 8.8), which allows account takeover via NTLM relay
- CVE-2024-29851 (CVSS score: 7.2), which allows a privileged user to steal NTLM hashes of a Veeam Backup Enterprise Manager service account if it is not configured to run as the default Local System account
- CVE-2024-29852 (CVSS score: 2.7), which allows a privileged user to read backup session logs
All the flaws have been addressed in version 12.1.2.172. However, Veeam noted that deploying Veeam Backup Enterprise Manager is optional and that environments that do not have it installed are not impacted by the flaws.
In recent weeks, the company has also resolved a local privilege escalation flaw affecting the Veeam Agent for Windows (CVE-2024-29853, CVSS score: 7.2) and a critical remote code execution bug impacting Veeam Service Provider Console (CVE-2024-29212, CVSS score: 9.9).
“Due to an unsafe deserialization method used by the Veeam Service Provider Console (VSPC) server in communication between the management agent and its components, under certain conditions, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine,” Veeam stated of CVE-2024-29212.
Security flaws in Veeam Backup & Replication software (CVE-2023-27532, CVSS score: 7.5) have been exploited by threat actors such as FIN7 and Cuba to deploy malicious payloads, including ransomware, making it crucial that users move quickly to patch the aforementioned vulnerabilities.