Veeam confirms the existence of a VBEM auth bypass bug

May 29, 2024

Earlier this week, Veeam issued an advisory urging its customers to patch a significant security flaw that could allow unauthenticated attackers to sign into any account using the Veeam Backup Enterprise Manager (VBEM).

VBEM is a web-based platform enabling admins to manage all Veeam Backup & Replication installations from a single web portal. It can also assist in managing backup jobs and performing restoration operations across an organisation’s backup infrastructure and large-scale deployments.

It is worth noting that VBEM is not enabled by default, so not every environment is exposed to attacks via CVE-2024-29849, which Veeam classifies as a critical-severity vulnerability. Admins who cannot immediately upgrade to VBEM version 12.1.2.172, the build that addresses this flaw, can mitigate the issue in the meantime by stopping and disabling the VeeamEnterpriseManagerSvc (Veeam Backup Enterprise Manager) and VeeamRESTSvc (Veeam RESTful API) services.
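The interim mitigation above is a short Windows administration task. The following PowerShell is an added example written for this page, not code from Veeam or its advisory: it checks the installed VBEM build against 12.1.2.172 and, only if the host is still on an older build, stops and disables the two services named above, then prints their state for verification. The version lookup assumes VBEM registers a standard uninstall entry whose DisplayName contains "Veeam Backup Enterprise Manager"; that registry detail is an assumption, not something the article states.

```powershell
# Added example (not from the Veeam advisory or the article above).
# Run elevated on the VBEM server. Assumption: the product registers an uninstall
# entry whose DisplayName contains "Veeam Backup Enterprise Manager".

$FixedVersion = [version]'12.1.2.172'                          # build named in the article
$Services     = 'VeeamEnterpriseManagerSvc', 'VeeamRESTSvc'    # services named in the article

function Get-VbemVersion {
    # Scan both 64-bit and 32-bit uninstall hives for the VBEM entry (assumed location)
    $paths = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*Veeam Backup Enterprise Manager*' } |
        Select-Object -First 1 -ExpandProperty DisplayVersion
}

$installed = Get-VbemVersion
if (-not $installed) {
    Write-Output 'VBEM not found on this host; nothing to do.'
    return
}

if ([version]$installed -ge $FixedVersion) {
    Write-Output "VBEM $installed is at or above $FixedVersion; no mitigation needed."
    return
}

Write-Warning "VBEM $installed is below $FixedVersion; applying interim mitigation."
foreach ($name in $Services) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $svc) { Write-Output "$name is not installed on this host"; continue }
    if ($svc.Status -ne 'Stopped') { Stop-Service -Name $name -Force }
    Set-Service -Name $name -StartupType Disabled     # survives reboot until re-enabled
}

# Verify: both services should report Stopped / Disabled
Get-Service -Name $Services -ErrorAction SilentlyContinue |
    Select-Object Name, Status, StartType
```

Disabling these services takes the Enterprise Manager web portal and its REST API offline, so this is a stop-gap rather than a fix; after upgrading to 12.1.2.172 or later, re-enable them with `Set-Service -StartupType Automatic` and start them again.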


Veeam has also addressed two further VBEM vulnerabilities alongside the critical flaw described above.


According to reports, Veeam also patched two high-severity VBEM vulnerabilities earlier this week. The first flaw could allegedly allow account takeover via NTLM relay (CVE-2024-29850), and the other could enable high-privileged users to steal the NTLM hash of the Veeam Backup Enterprise Manager service account if it is not set to run as the default Local System account (CVE-2024-29851).

Veeam also addressed a high-severity vulnerability (CVE-2023-27532) in its Backup & Replication software in March 2023, which may have been used to infiltrate backup infrastructure hosts.

This vulnerability was later used in attacks attributed to the financially motivated FIN7 threat group, which is affiliated with several ransomware operations, such as Conti, REvil, Maze, Egregor, and BlackBasta.

The same bug was subsequently weaponised by another threat group when the Cuban ransomware group exploited it in attacks on critical infrastructure in the United States and on IT corporations in Latin America.

These incidents caused serious problems for organisations running the flawed software. Organisations currently operating a vulnerable VBEM version should follow the advisory immediately to avoid falling victim to threat actors attempting to exploit it.
