Veeam security vulnerabilities fixed - Starline Computer: Storage and server solutions from experienced experts

Veeam security vulnerabilities fixed


Veeam has recently closed a number of security vulnerabilities, some of which are serious. Among others, Veeam Backup & Replication, Veeam ONE, the Veeam Service Provider Console and the Veeam Agent for Linux are affected.

Under certain conditions, the vulnerabilities allow attackers to execute malicious code on target systems, gain administrative privileges or bypass security mechanisms such as multi-factor authentication (MFA).

A vulnerability in Veeam Backup & Replication that affects versions up to 12.1.2.172 is particularly critical. The vulnerability (CVE-2024-40711) allows unauthenticated attackers to achieve remote code execution (RCE). Other vulnerabilities in this software concern the manipulation of MFA or the misuse of service accounts to achieve RCE. An immediate update to version 12.2 is recommended to close these gaps.
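To triage an inventory against the version boundary given above, the following added example (not code from Veeam or from this article) classifies Backup & Replication builds. The inventory format, host names and sample builds are constructed assumptions; only the 12.1.2.172 and 12.2 boundaries come from the text.

```python
import csv
import io

AFFECTED_MAX = (12, 1, 2, 172)  # last affected build named in the article
FIXED_MIN = (12, 2, 0, 0)       # "version 12.2", the release the article says to update to
PRODUCT = "Veeam Backup & Replication"

# Constructed sample inventory: host names and build numbers are made up.
SAMPLE_INVENTORY = """host,product,version
bkp-01,Veeam Backup & Replication,12.1.2.172
bkp-02,Veeam Backup & Replication,12.2.0.1
bkp-03,Veeam Backup & Replication,11.0.0.1
bkp-04,Veeam Backup & Replication,12.1.9.5
bkp-05,Veeam Backup & Replication,unknown
mon-01,Veeam ONE,12.1.0.1
"""

def parse_version(text):
    """Return the version as a tuple of ints, or None if it is not dotted-numeric."""
    parts = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(version_text):
    """Map a Backup & Replication version string to a triage status."""
    version = parse_version(version_text)
    if version is None:
        return "unparsed"  # needs a manual look, never silently treated as safe
    padded = (version + (0, 0, 0, 0))[:4]  # "12.2" compares as 12.2.0.0
    if padded <= AFFECTED_MAX:
        return "affected"  # at or below 12.1.2.172, per the article's "up to"
    if padded >= FIXED_MIN:
        return "fixed"
    return "review"  # between the two boundaries: the article gives no statement

def triage(inventory_csv):
    """Return {host: status} for Backup & Replication rows; other products are skipped
    because the article gives no version boundaries for them."""
    result = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["product"] == PRODUCT:
            result[row["host"]] = classify(row["version"])
    return result

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `review` or `unparsed` should be checked against the vendor's own advisory rather than assumed safe.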


Veeam ONE is also affected by serious vulnerabilities, such as CVE-2024-42024, which allows attackers to achieve RCE on a system with Veeam ONE Agent installed. Another vulnerability (CVE-2024-42019) could be used to steal the NTLM hash of a service account and thereby gain unauthorised access to systems.

The Veeam Service Provider Console also has several critical vulnerabilities. One of the most dangerous (CVE-2024-38650) allows attackers to gain administrative privileges by extracting the NTLM hash of a service account.

Finally, Veeam Agent for Linux has a vulnerability (CVE-2024-40709) that allows local users to gain root privileges.

Admins are strongly advised to install the latest updates immediately to protect their systems and avoid further risks.

Any questions?

Andreas Freisen
Sales

Project Manager from the Enterprise Storage Solutions Team - our specialists for large projects.