Veeam has announced that it recently discovered and fixed a critical vulnerability in its Veeam Backup Enterprise Manager (VBEM).
The vulnerability, tracked as CVE-2024-29849 (via BleepingComputer) is described as an authentication bypass flaw, allowing virtually anyone to log into any account on the platform. It has a safety score of 9.8, considering it “critical.”
VBEM is a centralized monitoring and management tool for Veeam Backup & Replication environments. It is designed for large-scale or enterprise-level deployments and provides a unified interface where administrators can manage, monitor and control backup operations across multiple Veeam Backup & Replication servers.
Patching more defects
It's also worth mentioning that VBEM is not enabled by default and not all companies that use it are vulnerable. Still, everyone is recommended to apply the patch as soon as possible.
For those who cannot do so immediately, it is recommended to disable the VeeamEnterpriseManagerSvc and VeeamRESTSvc services. Completely uninstalling Veeam Backup Enterprise Manager is also a viable option. More details can be found on the corresponding help page on the company's website.
The first version that is not affected by the bug is VBEM 12.1.2.172, as confirmed by the company.
In its latest security advisory, Veeam also said it patched two additional VBEM flaws, one that allowed account takeover via NTLM relay (tracked as CVE-2024-29850) and another that allows high-privileged users to steal Veeam Backup Enterprise Manager. the NTLM hash of the service account (in scenarios where it is not configured to run as the default local system account). This has a tracking as CVE-2024-29851.