<\/div>\n

A critical security vulnerability in Veeam Backup Enterprise Manager could allow threat actors to bypass authentication.<\/h2>\n\n\n\n

A critical vulnerability, tracked as\u00a0CVE-2024-29849\u00a0(CVSS score: 9.8), in Veeam Backup Enterprise Manager could allow attackers to bypass authentication.<\/p>\n\n\n\n

Veeam Backup Enterprise Manager is a centralized management and reporting tool designed to simplify the administration of Veeam Backup & Replication environments. It offers a web-based interface that allows users to manage multiple Veeam Backup & Replication servers, monitor backup jobs, and generate reports.<\/gwmw><\/p>\n\n\n\n

“<\/gwmw>This vulnerability in\u00a0Veeam Backup Enterprise Manager<\/strong>\u00a0allows an unauthenticated attacker to log in to the Veeam Backup Enterprise Manager web interface as any user.” reads the advisory<\/a> published by the vendor.<\/p>\n\n\n\n

The company has addressed the following vulnerabilities in Veeam Backup Enterprise Manager:<\/p>\n\n\n\n

\n
• CVE-2024-29850<\/strong>\u00a0(CVSS score: 8.8) – the flaw allows account takeover via NTLM relay.<\/gwmw><\/gwmw><\/li>\n\n\n\n
• CVE-2024-29851<\/strong>\u00a0(CVSS score: 7.2) – the flaw allows a high-privileged user to steal the NTLM hash of the Veeam Backup Enterprise Manager service account if that service account is anything other than the default Local System account.<\/li>\n\n\n\n
• CVE-2024-29852<\/strong>\u00a0(CVSS score: 2.7) – the flaw allows a privileged user to read backup session logs.<\/li>\n<\/ul>\n\n\n\n

  The four vulnerabilities have been addressed with the release of version 12.1.2.172<\/a>. The company also provided the following mitigation:<\/p>\n\n\n\n

  \n
  • This vulnerability can be mitigated by halting the Veeam Backup Enterprise Manager software.
    To do this, stop and disable the following services:\n
    \n
    • VeeamEnterpriseManagerSvc (Veeam Backup Enterprise Manager)<\/li>\n\n\n\n
    • VeeamRESTSvc (Veeam RESTful API Service)
      _{Note: Do not stop the ‘Veeam Backup Server RESTful API Service’.<\/sub><\/li>\n<\/ul>\n<\/li>\n\n\n\n}
    • Veeam Backup Enterprise Manager is\u00a0compatible<\/a>\u00a0with managing Veeam Backup & Replication servers running an older version than Veeam Backup Enterprise Manager. Therefore, if the Veeam Backup Enterprise Manager software is installed\u00a0on a dedicated server<\/strong>, Veeam Backup Enterprise Manager can be upgraded to version 12.1.2.172 without the need to upgrade Veeam Backup & Replication immediately.<\/li>\n\n\n\n
    • Veeam Backup Enterprise Manager can be\u00a0uninstalled<\/a>\u00a0if it is not in use.<\/li>\n<\/ul>\n\n\n\n

      Pierluigi\u00a0Paganini<\/strong><\/a><\/gwmw><\/p>\n\n\n\n

      Follow me on Twitter: @securityaffairs<\/strong><\/a> and Facebook<\/strong><\/a> and Mastodon<\/a><\/p>\n\n\n\n

      (<\/strong>SecurityAffairs<\/strong><\/a>\u00a0\u2013<\/strong>\u00a0hacking, Veeam)<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"

      A critical security vulnerability in Veeam Backup Enterprise Manager could allow threat actors to bypass authentication. A critical vulnerability, tracked as\u00a0CVE-2024-29849\u00a0(CVSS score: 9.8), in Veeam Backup Enterprise Manager could allow attackers to bypass authentication. Veeam Backup Enterprise Manager is a centralized management and reporting tool designed to simplify the administration of Veeam Backup & Replication […]<\/p>\n","protected":false},"author":1,"featured_media":129098,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[3323,55],"tags":[3684,4112,9508,10918,687,841,1533,4333,15106],"class_list":["post-163534","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-breaking-news","category-security","tag-authentication-bypass","tag-hacking","tag-hacking-news","tag-it-information-security","tag-pierluigi-paganini","tag-security-affairs","tag-security-news","tag-veeam","tag-veeam-backup-enterprise-manager"],"yoast_head":"\n