Patch Your Veeam Backup Software To Avoid Account Takeover

Veeam warns of a critical VBEM vulnerability allowing unauthenticated access. Admins must patch or disable services to protect systems from potential cyber attacks.

Unauthenticated Access Vulnerability in Veeam Backup Enterprise Manager

KEY HIGHLIGHTS

  • Veeam Backup Enterprise Manager (VBEM) vulnerability allows unauthorized access.
  • Not all environments are affected, because VBEM is not enabled by default.
  • Patches and mitigation steps are available for critical security flaws.
  • Veeam has a history of vulnerabilities being exploited by ransomware groups.

WHAT WE KNOW

  • Veeam has issued a warning to customers to patch a critical security vulnerability in Veeam Backup Enterprise Manager (VBEM).
  • VBEM is a web-based platform for managing Veeam Backup & Replication installations.
  • The vulnerability (CVE-2024-29849) allows unauthenticated attackers to log into any account via the VBEM web interface.
  • This vulnerability has a CVSS base score of 9.8/10, indicating its severity.
  • VBEM is not enabled by default, so not all environments are at risk.
  • Administrators unable to upgrade to VBEM version 12.1.2.172 can mitigate the risk by disabling certain services or uninstalling VBEM if it’s not in use.
  • Veeam also patched two high-severity vulnerabilities in VBEM (CVE-2024-29850 and CVE-2024-29851) related to NTLM relay and NTLM hash theft.
  • In March 2023, Veeam patched another high-severity vulnerability (CVE-2023-27532) in its Backup & Replication software, which was exploited by the FIN7 threat group.
  • This previous vulnerability was used in ransomware attacks targeting U.S. critical infrastructure and Latin American IT companies.
  • Veeam released hotfixes in November for two critical flaws in its ONE IT infrastructure monitoring and analytics platform, which could allow remote code execution and NTLM hash theft.
  • Veeam’s products are widely used by over 450,000 customers, including 74% of all Global 2000 companies.

IMPACT

  • Highlights the importance of regular software updates and patch management.
  • Emphasizes the potential risks associated with unpatched vulnerabilities in widely used software.
  • Warns administrators and organizations to take immediate action to protect their systems.
  • Demonstrates the ongoing threat of ransomware and financially motivated cyber-attacks.
  • Underlines the importance of proactive cybersecurity measures in large-scale and critical infrastructure deployments.

Written by Shashank Shekhar