### #VeeamSecurity #DataIntegrityThreats #BackupVulnerabilities
Summary: Veeam Software has issued a critical security update to address multiple vulnerabilities in its Backup & Replication software, which could allow attackers to execute malicious code and gain unauthorized access. The most severe vulnerability, CVE-2024-40717, has a high CVSS score of 8.8, indicating a significant risk to system integrity.
Threat Actor: Unknown
Victim: Veeam Software
Key Points:
- Multiple vulnerabilities could lead to unauthorized access and system compromise.
- CVE-2024-40717 allows arbitrary code execution with elevated privileges.
- Other vulnerabilities include exposure of saved credentials and insecure deserialization risks.
- Veeam urges users to upgrade to the latest versions to mitigate these risks.
- Temporary mitigation includes removing untrusted users from backup server settings.
Veeam Software, a prominent provider of backup, recovery, and data management solutions, has released a security update to address multiple vulnerabilities in its Veeam Backup & Replication software. These vulnerabilities could potentially allow an authenticated attacker to execute malicious code, gain unauthorized access to sensitive information, and compromise the integrity of connected systems.
The most severe of these vulnerabilities, CVE-2024-40717, carries a CVSS v3.1 score of 8.8, indicating a high severity level. This vulnerability could enable an attacker to execute arbitrary code with elevated privileges, potentially leading to a complete system compromise. Other vulnerabilities addressed in this update include:
- CVE-2024-42451: Allows access to saved credentials in a human-readable format.
- CVE-2024-42452: Permits remote file uploads to connected ESXi hosts with elevated privileges.
- CVE-2024-42453: Enables control and modification of connected virtual infrastructure hosts.
- CVE-2024-42455: Facilitates insecure deserialization, potentially leading to file deletion.
- CVE-2024-42456: Grants access to privileged methods and control over critical services.
- CVE-2024-42457: Exposes saved credentials through the remote management interface.
- CVE-2024-45204: Stems from insufficient permissions in credential handling, potentially leading to the leakage of NTLM hashes.
A separate vulnerability, CVE-2024-45207, affects Veeam Agent for Microsoft Windows. The flaw allows DLL injection when directories writable by untrusted users have been added to the PATH environment variable. While the default Windows PATH does not include such directories, the risk remains significant in misconfigured environments.
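The precondition for CVE-2024-45207 is a PATH directory that low-privilege identities can write to, so the practical check on a host running Veeam Agent is to audit the machine-wide PATH. The script below is an added example for that audit, not code from Veeam or from the advisory; the list of identities it treats as untrusted and the set of rights it treats as "write" are assumptions to adjust per environment.

```powershell
# Added example (not Veeam's code): report machine-wide PATH directories that broad,
# low-privilege identities can write to, or that do not exist at all.
# Services and scheduled tasks resolve DLLs against the machine PATH, not the user PATH.

# Identities treated as untrusted for this check (assumption; adjust to your environment).
$BroadIdentities = @(
    'Everyone',
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE'
)

# Rights that let a principal place or replace a file in the directory.
$WriteRights = [int]([System.Security.AccessControl.FileSystemRights]::Write -bor
                     [System.Security.AccessControl.FileSystemRights]::CreateFiles -bor
                     [System.Security.AccessControl.FileSystemRights]::Modify -bor
                     [System.Security.AccessControl.FileSystemRights]::FullControl)

$machinePath = [Environment]::GetEnvironmentVariable('Path', 'Machine')

$findings = foreach ($entry in ($machinePath -split ';' | Where-Object { $_ -and $_.Trim() })) {
    $dir = [Environment]::ExpandEnvironmentVariables($entry.Trim())

    # A PATH entry that does not exist is still searched; whoever can create it later controls it.
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        [pscustomobject]@{ Directory = $dir; Issue = 'Directory missing'; Identity = '' }
        continue
    }

    $acl = Get-Acl -LiteralPath $dir
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($BroadIdentities -notcontains $ace.IdentityReference.Value) { continue }
        # Generic rights can appear as negative ints, so compare on the raw mask.
        if (([int]$ace.FileSystemRights -band $WriteRights) -ne 0) {
            [pscustomobject]@{
                Directory = $dir
                Issue     = 'Writable by broad identity'
                Identity  = $ace.IdentityReference.Value
            }
        }
    }
}

if ($findings) {
    $findings | Sort-Object Directory | Format-Table -AutoSize
} else {
    'No writable or missing directories on the machine PATH.'
}
```

Run it in an elevated session on the agent host; any directory reported as writable by Users or Authenticated Users is the misconfiguration the advisory describes and should have its ACL tightened or be removed from PATH, independently of installing the patched agent build.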
Veeam has fixed these vulnerabilities in Veeam Backup & Replication 12.3 (build 12.3.0.310) and Veeam Agent for Microsoft Windows 6.3 (build 6.3.0.177) and urges all users to upgrade to these versions immediately. As a temporary mitigation measure, Veeam recommends removing any untrusted or unnecessary users from the Users and Roles settings on the backup server.
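Because most of the listed CVEs require an authenticated Veeam user, the interim mitigation amounts to shrinking the set of principals that hold any Veeam role. The script below is an added example for reviewing that set before removing anyone; it is not Veeam's own code. It assumes the Veeam Backup PowerShell module that ships with the console is installed and that its Connect-VBRServer, Get-VBRUserRoleAssignment and Disconnect-VBRServer cmdlets return objects with Name and Role properties; the allow-list of approved principals is a constructed placeholder.

```powershell
# Added example (not Veeam's code): list every Users and Roles assignment on the backup
# server and classify each one, so untrusted or unnecessary principals stand out.
# Assumes the Veeam Backup PowerShell module is available in this session.

# Principals expected to hold Veeam roles (constructed placeholders; replace with your own).
$ApprovedPrincipals = @(
    'CONTOSO\veeam-backup-admins',
    'CONTOSO\svc-veeam'
)

# Broad groups that should never carry a Veeam role (assumption for this check).
$BroadGroups = @(
    'Everyone',
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users'
)

Connect-VBRServer -Server 'localhost'
try {
    $review = foreach ($assignment in Get-VBRUserRoleAssignment) {
        $verdict = if ($BroadGroups -contains $assignment.Name) {
            'REMOVE: broad built-in group'
        } elseif ($ApprovedPrincipals -notcontains $assignment.Name) {
            'REVIEW: not on the approved list'
        } else {
            'OK'
        }

        [pscustomobject]@{
            Principal = $assignment.Name
            Role      = $assignment.Role
            Verdict   = $verdict
        }
    }

    # Flagged entries first so the ones to act on are at the top.
    $review | Sort-Object Verdict -Descending | Format-Table -AutoSize
}
finally {
    Disconnect-VBRServer
}
```

Anything marked REMOVE or REVIEW is a candidate for the removal step the advisory recommends; the output is also a useful baseline to diff against after the upgrade, since role assignments that reappear without a change request are worth investigating.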
Organizations relying on Veeam Backup & Replication are strongly encouraged to take immediate action to protect their critical data and infrastructure.