Veeam Releases Security Updates to Fix 18 Flaws, Including 5 Critical Issues

Sep 05, 2024 | Ravie Lakshmanan | Threat Prevention / Software Security

Veeam has shipped security updates to address a total of 18 security flaws impacting its software products, including five critical vulnerabilities that could result in remote code execution.

The list of shortcomings is below –

  • CVE-2024-40711 (CVSS score: 9.8) – A vulnerability in Veeam Backup & Replication that allows unauthenticated remote code execution.
  • CVE-2024-42024 (CVSS score: 9.1) – A vulnerability in Veeam ONE that allows an attacker in possession of the Agent service account credentials to perform remote code execution on the underlying machine
  • CVE-2024-42019 (CVSS score: 9.0) – A vulnerability in Veeam ONE that allows an attacker to access the NTLM hash of the Veeam Reporter Service service account
  • CVE-2024-38650 (CVSS score: 9.9) – A vulnerability in Veeam Service Provider Console (VPSC) that allows a low-privileged attacker to access the NTLM hash of the service account on the server
  • CVE-2024-39714 (CVSS score: 9.9) – A vulnerability in VPSC that allows a low-privileged user to upload arbitrary files to the server, resulting in remote code execution on the server

In addition, the September 2024 updates address 13 other high-severity flaws that could permit privilege escalation, multi-factor authentication (MFA) bypass, and code execution with elevated permissions.

All the issues have been addressed in the below versions –

  • Veeam Backup & Replication 12.2 (build 12.2.0.334)
  • Veeam Agent for Linux 6.2 (build 6.2.0.101)
  • Veeam ONE v12.2 (build 12.2.0.4093)
  • Veeam Service Provider Console v8.1 (build 8.1.0.21377)
  • Veeam Backup for Nutanix AHV Plug-In v12.6.0.632
  • Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization Plug-In v12.5.0.299

With flaws in Veeam software becoming a lucrative target for threat actors to serve ransomware, users are advised to update to the latest version as soon as possible to mitigate potential threats.
