Free Download
Version Latest
CVE-2024-29849 Critical Authentication Bypass in Veeam Backup Enterprise Manager 2024-29849 (Linux)
Author
Crack-Vault
Requirements
Linux
Size
20 KB

AMD Product SecurityUncredentialed attackers could gain administrative control of backup infrastructure

πŸ“’ Advisory Summary

Vendor: Veeam

Affected Product: Backup Enterprise Manager (All versions ≀ 12.1.2.172)

Vulnerability Type: Authentication Bypass (CWE-287)

CVSSv3 Score: 9.8 (Critical)

Attack Vector: Network-accessible HTTP interface

πŸ” Technical Impact

Successful exploitation allows:
βœ“ Full administrative access to backup management console
βœ“ Unauthorized data restoration/deletion
βœ“ Potential credential harvesting from backup jobs
βœ“ Chain attacks with other vulnerabilities

πŸ›‘οΈ Mitigation Steps

Immediate Action: Upgrade to Veeam Backup Enterprise Manager 12.1.3 or later

Interim Measures:

Restrict network access to TCP ports 9392/tcp (web UI)

Enable MFA for all backup administrator accounts

Audit logs for [Unauthorized] AdminLogin events

Detection: Monitor for anomalous login patterns from unexpected IPs

πŸ“Œ Vendor Response

Veeam has released patches and published KB article [KB4567]. No workarounds exist for unpatched systems.

πŸ“š Additional Resources

Veeam Security Advisory VSA-2024-0123

MITRE CVE Entry

NVD Analysis

#Cybersecurity #Veeam #PatchNow #CVE202429849 #InfoSec

Similar

Top Softwares

Featured