KEY HIGHLIGHTS
- Veeam Backup Enterprise Manager (VBEM) vulnerability allows unauthorized access.
- Not all environments are susceptible, because VBEM is not enabled by default.
- Patches and mitigation steps are available for critical security flaws.
- Veeam has a history of vulnerabilities being exploited by ransomware groups.
WHAT WE KNOW
- Veeam has issued a warning to customers to patch a critical security vulnerability in Veeam Backup Enterprise Manager (VBEM).
- VBEM is a web-based platform for managing Veeam Backup & Replication installations.
- The vulnerability (CVE-2024-29849) allows unauthenticated attackers to log into any account via the VBEM web interface.
- The vulnerability has a CVSS base score of 9.8/10, which places it in the critical range.
- VBEM is not enabled by default, so not all environments are at risk.
- Administrators unable to upgrade to VBEM version 12.1.2.172 can mitigate the risk by disabling certain services or uninstalling VBEM if it’s not in use.
- Veeam also patched two high-severity vulnerabilities in VBEM (CVE-2024-29850 and CVE-2024-29851) related to NTLM relay and NTLM hash theft.
- In March 2023, Veeam patched another high-severity vulnerability (CVE-2023-27532) in its Backup & Replication software, which was exploited by the FIN7 threat group.
- That earlier vulnerability was used in ransomware attacks targeting U.S. critical infrastructure and Latin American IT companies.
- In November, Veeam released hotfixes for two critical flaws in its Veeam ONE IT infrastructure monitoring and analytics platform, which could allow remote code execution and NTLM hash theft.
- Veeam’s products are used by over 450,000 customers, including 74% of all Global 2,000 companies.
IMPACT
- Highlights the importance of regular software updates and patch management.
- Emphasizes the potential risks associated with unpatched vulnerabilities in widely used software.
- Warns administrators and organizations to take immediate action to protect their systems.
- Demonstrates the ongoing threat of ransomware and financially motivated cyber-attacks.
- Underlines the importance of proactive cybersecurity measures in large-scale and critical infrastructure deployments.