Flash Notice: Veeam's Backup Enterprise Manager has Four Vulnerabilities

Written by Marketing | May 22, 2024 6:24:23 PM

Overview

This week, four vulnerabilities were found in Veeam's Backup Enterprise Manager, one of them critical. The vulnerabilities, together with a related flaw in Veeam Agent for Windows, are as follows:

  • CVE-2024-29849 (CVSS 9.8): Unauthenticated access to Veeam Backup Enterprise Manager.  
  • CVE-2024-29850 (CVSS 8.8): Account takeover via NTLM relay. 
  • CVE-2024-29851 (CVSS 7.2): Stealing NTLM hash of the service account.  
  • CVE-2024-29852 (CVSS 2.7): Reading backup session logs by high-privileged users.  
  • CVE-2024-29853 (CVSS 7.8): Local Privilege Escalation in Veeam Agent for Windows.  

Veeam has released an update (version 12.1.2.172) to address multiple vulnerabilities in Veeam Backup & Replication software. The update also includes improvements across various areas such as platform support, malware detection, enterprise applications, and object storage. Users are strongly urged to upgrade to Veeam Backup & Replication version 12.1.2.172.

Avertium's Recommendations

  • Users unable to immediately update to version 12.1.2.172 can disable specific services as a workaround: 
    • Stop and disable ‘VeeamEnterpriseManagerSvc’ (Veeam Backup Enterprise Manager) 
    • Stop and disable ‘VeeamRESTSvc’ (Veeam RESTful API Service) 
    • Do not stop the ‘Veeam Backup Server RESTful API Service’ 
  • If Veeam Backup Enterprise Manager is installed on a dedicated server, it can be upgraded independently to the latest version. Uninstallation of Veeam Backup Enterprise Manager is also an option if it's not in use.  
  • Please see Veeam’s advisory for further guidance.  
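A scripted form of the interim workaround above, added here as an example and not part of Veeam's or Avertium's guidance. It assumes an elevated PowerShell session on the Enterprise Manager host and that the installed Veeam Backup & Replication build can be read from the standard Windows Uninstall registry keys; the service names are the ones named in the advisory.

```powershell
#Requires -RunAsAdministrator
# Added example (not Veeam's or Avertium's code): apply the advisory's interim workaround
# only on hosts that have not yet reached Veeam Backup & Replication 12.1.2.172.
$PatchedVersion = [version]'12.1.2.172'

# Service names exactly as given in the advisory. The display name below is listed
# only so the script can confirm that service was left untouched.
$ServicesToDisable = @('VeeamEnterpriseManagerSvc', 'VeeamRESTSvc')
$MustKeepRunning   = 'Veeam Backup Server RESTful API Service'

function Get-VeeamInstalledVersion {
    # Assumption: the product registers under the usual Uninstall keys with a
    # DisplayName beginning "Veeam Backup & Replication".
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Veeam Backup & Replication*' -and $_.DisplayVersion } |
        ForEach-Object { [version]$_.DisplayVersion } |
        Sort-Object -Descending | Select-Object -First 1
}

$installed = Get-VeeamInstalledVersion
if ($installed -and $installed -ge $PatchedVersion) {
    Write-Host "Veeam B&R $installed is at or above $PatchedVersion; workaround not needed."
    return
}
Write-Warning "Installed Veeam version: $installed (patched build is $PatchedVersion). Applying interim workaround."

foreach ($name in $ServicesToDisable) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $svc) { Write-Host "$name is not present on this host; skipping."; continue }
    # Stop the service, then disable it so it does not come back after a reboot.
    Stop-Service -Name $name -Force -ErrorAction Stop
    Set-Service  -Name $name -StartupType Disabled
    $after = Get-Service -Name $name
    Write-Host ("{0}: Status={1} StartType={2}" -f $name, $after.Status, $after.StartType)
}

# Sanity check: the Backup Server REST service must not have been stopped by this script.
$keep = Get-Service -DisplayName $MustKeepRunning -ErrorAction SilentlyContinue
if ($keep) { Write-Host ("{0}: Status={1} (left unchanged)" -f $keep.Name, $keep.Status) }
```

Re-enable the two services (`Set-Service -StartupType Automatic`, then `Start-Service`) only after the host has been upgraded to 12.1.2.172 or later.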

INDICATORS OF COMPROMISE (IoCs)

At this time, there are no known IoCs associated with the above vulnerabilities. Avertium remains vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.   

How Avertium is Protecting Our Customers

  • Fusion MXDR is the first MDR offering that fuses together all aspects of security operations into a living, breathing, threat-resistant XDR solution. By fusing insights from threat intelligence, security assessments, and vulnerability management into our MDR approach, Fusion MXDR offers a more informed, robust, and cost-effective approach to cybersecurity, one that is greater than the sum of its parts.
  • Avertium aligns your Cybersecurity Strategy with your business strategy, ensuring that your investment in security is also an investment in your business. Our Cybersecurity Strategy service includes:
    • Strategic Security Assessments: Strengthening your security posture begins with knowing where your current program stands (NIST CSF, Security Architecture, Business Impact Analysis, Sensitive Data Inventory, Network Virtualization and Cloud Assessment).
    • Threat Mapping: Leverage Avertium's Cyber Threat Intelligence to get a more informed view of your most likely attack scenarios (Threat Assessment and MITRE ATT&CK).
    • Cyber Maturity Roadmap: Embrace a comprehensive, quantifiable, and well-organized approach to establishing and continuously enhancing your cybersecurity resilience (Policy + Procedure Development, Virtual CISO (vCISO), Training + Enablement, Tabletop Exercises, and Business Continuity + Disaster Recovery Plan).

SUPPORTING DOCUMENTATION

KB4581: Veeam Backup Enterprise Manager Vulnerabilities (CVE-2024-29849, CVE-2024-29850, CVE-2024-29851, CVE-2024-29852) 

Veeam Enterprise Backup Manager Flaw Allows Unauthorized Access (cybersecuritynews.com)