Veeam Backup & Replication Faces RCE Flaw: CVE-2024-40711 (CVSS 9.8) Allows Full System Takeover

Summary: A series of critical vulnerabilities in Veeam Backup & Replication have been identified, exposing organizations to severe risks including unauthorized access and remote code execution. The most critical vulnerability allows unauthenticated attackers to execute code remotely, potentially compromising entire systems.

Threat Actor: Unauthenticated attackers
Victim: Organizations using Veeam Backup & Replication

Key Points:

  • Critical vulnerability (CVE-2024-40711) allows unauthenticated remote code execution with a CVSS score of 9.8.
  • Multi-Factor Authentication (MFA) can be bypassed by low-privileged users (CVE-2024-40713).
  • Sensitive information, including saved credentials, can be disclosed (CVE-2024-40710).
  • Low-privileged users can delete files remotely (CVE-2024-39718).
  • Credential interception is possible during restore operations due to a TLS validation flaw (CVE-2024-40714).
  • Local privilege escalation can occur via a path traversal vulnerability (CVE-2024-40712).
  • Organizations are urged to apply the latest patch (Veeam Backup & Replication 12.2 build 12.2.0.334) immediately.

A series of critical vulnerabilities have been uncovered in Veeam Backup & Replication, potentially exposing organizations to unauthorized access, remote code execution, and data breaches. The most severe vulnerability (CVE-2024-40711, CVSS 9.8) allows unauthenticated attackers to execute code remotely, granting them full control over the affected system.

These vulnerabilities impact various aspects of Veeam Backup & Replication, including:

  • Remote Code Execution (RCE): Multiple vulnerabilities enable attackers to execute malicious code on the system, even with low-privileged user accounts (CVE-2024-40710, CVE-2024-40711).
  • Multi-Factor Authentication (MFA) Bypass: A flaw allows low-privileged users to modify MFA settings and bypass this crucial security layer (CVE-2024-40713).
  • Sensitive Information Disclosure: Attackers can extract saved credentials and passwords from the system, potentially leading to further compromise (CVE-2024-40710).
  • Unauthorized File Deletion: Low-privileged users can remotely delete files with the same permissions as the service account (CVE-2024-39718).
  • Credential Interception: A TLS certificate validation vulnerability allows attackers on the same network to intercept sensitive credentials during restore operations (CVE-2024-40714).
  • Local Privilege Escalation (LPE): A path traversal vulnerability enables attackers with local access to escalate their privileges on the system (CVE-2024-40712).

The urgency of this situation cannot be overstated. Organizations relying on Veeam Backup & Replication for data protection are strongly urged to apply the latest patch (Veeam Backup & Replication 12.2 build 12.2.0.334) immediately. These vulnerabilities pose a significant risk to the confidentiality, integrity, and availability of critical data.

Source: https://securityonline.info/veeam-backup-replication-faces-rce-flaw-cve-2024-40711-cvss-9-8-allows-full-system-takeover