A critical security vulnerability has been uncovered by Veeam in the Backup Enterprise Manager tool.


Veeam has announced that it recently discovered and fixed a critical-severity vulnerability in Veeam Backup Enterprise Manager (VBEM). The flaw, tracked as CVE-2024-29849 (via BleepingComputer), is an authentication bypass that lets an unauthenticated attacker sign in to the VBEM web interface as any user. It carries a CVSS score of 9.8, which places it in the "critical" band.

VBEM is a centralized management and monitoring tool for Veeam Backup & Replication environments. It is designed for large-scale, or enterprise-level deployments, and provides a unified interface where admins can manage, monitor, and control backup operations across multiple Veeam Backup & Replication servers.

Patching more flaws

It is also worth noting that VBEM is an optional component that is not enabled by default, so not every Veeam Backup & Replication deployment is exposed. Still, everyone running it is advised to apply the patch as soon as possible. Those that cannot do so immediately are advised to stop and disable the VeeamEnterpriseManagerSvc and VeeamRESTSvc services, which takes the web interface and REST API offline until the update can be installed. Completely uninstalling Veeam Backup Enterprise Manager is also a viable option. The first version unaffected by the bug is VBEM, as confirmed by the company.
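The interim mitigation above, as an added PowerShell example (not Veeam's own tooling or a script from this article): it checks whether the two named services exist on the host, stops and disables them so a reboot cannot bring them back, re-reads their state for the report, and then lists any remaining TCP listeners owned by a Veeam process. The service names are those given in the text; the `Veeam*` process-name pattern used for the listener check is an assumption, since the article gives no port numbers or executable names.

```powershell
#Requires -RunAsAdministrator
# Added example for the CVE-2024-29849 interim mitigation; not from Veeam or the article.
# Run locally on the server where Veeam Backup Enterprise Manager is installed.

# Service names as stated in Veeam's guidance quoted in the text.
$VbemServices = @('VeeamEnterpriseManagerSvc', 'VeeamRESTSvc')

function Disable-VbemService {
    param([Parameter(Mandatory)][string[]]$Name)

    foreach ($svcName in $Name) {
        $svc = Get-Service -Name $svcName -ErrorAction SilentlyContinue
        if (-not $svc) {
            # Not an error: VBEM is optional, so many Veeam hosts never had these services.
            Write-Output "[skip] $svcName is not installed on $env:COMPUTERNAME"
            continue
        }

        if ($svc.Status -ne 'Stopped') {
            Stop-Service -Name $svcName -Force -ErrorAction Stop
        }
        # Disabled rather than Manual, so neither a reboot nor a dependent service restarts it.
        Set-Service -Name $svcName -StartupType Disabled -ErrorAction Stop

        # Re-read both values so the report reflects the real post-change state,
        # not what we intended to set.
        $after     = Get-Service -Name $svcName
        $startMode = (Get-CimInstance -ClassName Win32_Service -Filter "Name='$svcName'").StartMode
        Write-Output ('[done] {0}: Status={1} StartMode={2}' -f $svcName, $after.Status, $startMode)
    }
}

Disable-VbemService -Name $VbemServices

# Verification: with both services down, nothing from VBEM should still be listening.
# The article gives no ports, so instead of assuming any, list every TCP listener whose
# owning process name starts with 'Veeam' (assumed naming; adjust if your binaries differ).
Get-NetTCPConnection -State Listen |
    Where-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        $proc -and $proc.Name -like 'Veeam*'
    } |
    Select-Object LocalAddress, LocalPort, OwningProcess
```

The listener check is deliberately a report rather than an automatic kill: Veeam Backup & Replication services on the same host may legitimately keep listening, and the point is to confirm the Enterprise Manager endpoints specifically are gone before treating the host as mitigated.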

In the same advisory, Veeam also said it patched two further VBEM flaws: CVE-2024-29850, which allowed account takeover via NTLM relay, and CVE-2024-29851, which let a high-privileged user steal the NTLM hash of the Veeam Backup Enterprise Manager service account in deployments where that account is not the default Local System account.
