
May 22, 2024

Critical vulnerability discovered in popular Veeam Backup Manager


Veeam is advising customers to upgrade after three vulnerabilities were discovered in its popular Backup Enterprise Manager (VBEM) software, used by admins to manage backup jobs and perform restoration operations.

The most critical flaw of the three, designated CVE-2024-29489, could allow an unauthenticated threat actor to log in to the VBEM web interface as any user.

Veeam also patched the other two vulnerabilities, rated high severity, in its latest update to VBEM. The first, CVE-2024-29850, could allow account takeover while the second, CVE-2024-29851, could enable high-privileged users to steal the VBEM service account's hashed password.




Veeam is advising users running versions of VBEM before 12.1.2.172 to upgrade as soon as possible. Users who cannot immediately upgrade can still mitigate the issue by stopping and disabling the VeeamEnterpriseManagerSvc (Veeam Backup Enterprise Manager) and VeeamRESTSvc (Veeam RESTful API) services or by uninstalling VBEM altogether.

Source: Bleeping Computer

Analysis

Consistent backups are a great way to help maintain business continuity should an organization suffer a ransomware attack or other type of disaster that prevents data access. As such, keeping backup infrastructure and software up to date is paramount to ensure these systems function properly when required.

Not only would compromised backup systems make recovery much more difficult, but they could also provide a threat actor with sensitive information that could be ransomed or exposed online, leading to privacy concerns and reputational damage.

For example, in 2023, Veeam discovered and patched a high-severity vulnerability, designated CVE-2023-27532, in its Backup and Replication software. Despite the availability of a patch, the vulnerability was quickly exploited by financially motivated and ransomware actors. Several months later, Cuba ransomware affiliates used the same vulnerability in attacks targeting U.S. critical infrastructure and IT companies based in Latin America.

Mitigation

Field Effect’s elite team of Security Intelligence professionals constantly monitors the cyber threat landscape for vulnerabilities discovered in software like VBEM. This research contributes to the timely deployment of signatures into Field Effect MDR to detect and mitigate the exploitation of these vulnerabilities.

Field Effect MDR users were automatically notified if a vulnerable version of VBEM was detected in their environment and are encouraged to review these AROs as quickly as possible via the Field Effect Portal.

Field Effect strongly encourages users of the affected VBEM versions to update to the latest version as soon as possible, in accordance with Veeam’s advisory.
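As an added illustration of Veeam's interim workaround quoted above (this is not code from the Field Effect article or from Veeam), the following PowerShell checks the installed VBEM build and, only if it is below 12.1.2.172, stops and disables the two services named in the advisory. It assumes it runs elevated on the VBEM host and that the Enterprise Manager service binary's file version tracks the product build number.

```powershell
# Added example, not from the Field Effect article or from Veeam.
# Assumptions: run elevated on the VBEM host; the service names and the
# fixed build 12.1.2.172 are taken from Veeam's advisory as quoted above.
$FixedVersion = [version]'12.1.2.172'
$VbemServices = @('VeeamEnterpriseManagerSvc', 'VeeamRESTSvc')

function Get-VbemInstalledVersion {
    # Resolve the Enterprise Manager service binary and read its file version.
    # Assumption: that file version tracks the VBEM build number.
    $svc = Get-CimInstance Win32_Service -Filter "Name='VeeamEnterpriseManagerSvc'"
    if (-not $svc) { return $null }   # VBEM service is not installed on this host
    # PathName may be quoted and may carry arguments; keep only the executable
    $exe = ($svc.PathName -replace '^"([^"]+)".*$', '$1') -replace '^(\S+\.exe).*$', '$1'
    $raw = (Get-Item -LiteralPath $exe).VersionInfo.FileVersion
    # Keep only the dotted numeric part in case the string carries extra text
    $num = [regex]::Match($raw, '\d+(\.\d+){1,3}').Value
    if (-not $num) { return $null }
    return [version]$num
}

function Test-VbemVulnerable {
    param([version]$Installed)
    # True only when a build is present and older than the fixed build
    return ($null -ne $Installed) -and ($Installed -lt $FixedVersion)
}

$installed = Get-VbemInstalledVersion
if ($null -eq $installed) {
    Write-Output 'VBEM service not present or version unreadable; nothing changed.'
} elseif (-not (Test-VbemVulnerable $installed)) {
    Write-Output "VBEM $installed is at or above $FixedVersion; workaround not needed."
} else {
    Write-Warning "VBEM $installed is below $FixedVersion; applying Veeam's interim workaround."
    foreach ($name in $VbemServices) {
        $s = Get-Service -Name $name -ErrorAction SilentlyContinue
        if (-not $s) { Write-Warning "Service $name not found; skipping."; continue }
        # Stop the service now and keep it from starting again until VBEM is upgraded
        Stop-Service -Name $name -Force -ErrorAction Stop
        Set-Service  -Name $name -StartupType Disabled
        Write-Output "$name stopped and disabled (was: $($s.Status), $($s.StartType))"
    }
}
```

Disabling these services removes the VBEM web interface and REST API until the host is upgraded, so this is a stopgap to pair with the upgrade to 12.1.2.172 or later, not a replacement for it.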
