Multiple vulnerabilities in Veeam Backup Enterprise Manager
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2024-29849 CVE-2024-29850 CVE-2024-29851 CVE-2024-29852 |
| CWE-ID | CWE-862 CWE-294 CWE-264 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software Subscribe |
Veeam Backup Enterprise Manager Web applications / Remote management & hosting panels |
| Vendor |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Missing Authorization
EUVDB-ID: #VU89814
Risk: High
CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2024-29849
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to compromise the affected application.
The vulnerability exists due to missing authorization within the Veeam Backup Enterprise Manager. A remote non-authenticated attacker can login to the Veeam Backup Enterprise Manager web interface as any user.
Install updates from vendor's website.
Vulnerable software versionsVeeam Backup Enterprise Manager: before 12.1.2.172
CPE2.3Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Authentication Bypass by Capture-replay
EUVDB-ID: #VU89815
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-29850
CWE-ID:
CWE-294 - Authentication Bypass by Capture-replay
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass NTLM authentication.
The vulnerability exists due to application is vulnerable to NTLM relay attacks. A remote attacker can trick the victim to visit a specially crafted website or open a specially crafted file to obtain the victim's NTLM hash and perform an NTLM relay attack.
Install updates from vendor's website.
Vulnerable software versionsVeeam Backup Enterprise Manager: before 12.1.2.172
CPE2.3Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Authentication Bypass by Capture-replay
EUVDB-ID: #VU89816
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-29851
CWE-ID:
CWE-294 - Authentication Bypass by Capture-replay
Exploit availability: No
DescriptionThe vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists due to the way the application handles authentication. A remote privileged user can obtain the NTLM hash of the Veeam Backup Enterprise Manager service account if that service account is anything other than the default Local System account and escalate privileges.
Install updates from vendor's website.
Vulnerable software versionsVeeam Backup Enterprise Manager: before 12.1.2.172
CPE2.3Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU89817
Risk: Low
CVSSv3.1: 2.4 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-29852
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote user to gain access to sensitive information.
The vulnerability exists due to improper access restrictions. A remote high-privileged user can read backup session logs.
MitigationInstall updates from vendor's website.
Vulnerable software versionsVeeam Backup Enterprise Manager: before 12.1.2.172
CPE2.3Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
