SB2024052701 - Multiple vulnerabilities in Veeam Backup Enterprise Manager
Published: May 27, 2024 Updated: June 14, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) Missing Authorization (CVE-ID: CVE-2024-29849)
The vulnerability allows a remote attacker to compromise the affected application.
The vulnerability exists due to missing authorization within the Veeam Backup Enterprise Manager. A remote non-authenticated attacker can login to the Veeam Backup Enterprise Manager web interface as any user.
2) Authentication Bypass by Capture-replay (CVE-ID: CVE-2024-29850)
The vulnerability allows a remote attacker to bypass NTLM authentication.
The vulnerability exists due to application is vulnerable to NTLM relay attacks. A remote attacker can trick the victim to visit a specially crafted website or open a specially crafted file to obtain the victim's NTLM hash and perform an NTLM relay attack.
3) Authentication Bypass by Capture-replay (CVE-ID: CVE-2024-29851)
The vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists due to the way the application handles authentication. A remote privileged user can obtain the NTLM hash of the Veeam Backup Enterprise Manager service account if that service account is anything other than the default Local System account and escalate privileges.
4) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-29852)
The vulnerability allows a remote user to gain access to sensitive information.
The vulnerability exists due to improper access restrictions. A remote high-privileged user can read backup session logs.
Remediation
Install update from vendor's website.