Uncredentialed attackers could gain administrative control of backup infrastructure
π’ Advisory Summary
Vendor: Veeam
Affected Product: Backup Enterprise Manager (All versions β€ 12.1.2.172)
Vulnerability Type: Authentication Bypass (CWE-287)
CVSSv3 Score: 9.8 (Critical)
Attack Vector: Network-accessible HTTP interface
π Technical Impact
Successful exploitation allows:
β Full administrative access to backup management console
β Unauthorized data restoration/deletion
β Potential credential harvesting from backup jobs
β Chain attacks with other vulnerabilities
π‘οΈ Mitigation Steps
Immediate Action: Upgrade to Veeam Backup Enterprise Manager 12.1.3 or later
Interim Measures:
Restrict network access to TCP ports 9392/tcp (web UI)
Enable MFA for all backup administrator accounts
Audit logs for [Unauthorized] AdminLogin events
Detection: Monitor for anomalous login patterns from unexpected IPs
π Vendor Response
Veeam has released patches and published KB article [KB4567]. No workarounds exist for unpatched systems.
π Additional Resources
Veeam Security Advisory VSA-2024-0123
#Cybersecurity #Veeam #PatchNow #CVE202429849 #InfoSec
Similar
-
CVE-2024-7954: Critical RCE in SPIP's Porte Plume Plugin
CVE-2024-7954: Critical RCE in SPIP's Porte Plume Plugin 2024-7954 (Cross-platform)
-
CVE-2024-22567: Security Advisory for MCMS 5.3.5
CVE-2024-22567: Security Advisory for MCMS 5.3.5 2024-22567 (Cross-platform)
-
CVE-2024-11616: Buffer Overflow in Netskope Endpoint DLP
CVE-2024-11616: Buffer Overflow in Netskope Endpoint DLP 2024-11616 (Cross-platform)
-
CVE-2024-21182: Broken Access Control in Oracle WebLogic Server
CVE-2024-21182: Broken Access Control in Oracle WebLogic Server 2024-21182: (Cross-platform)
Top Softwares
-
 β Complete Application Development Suite-64-icon.webp)
App Builder (x64) β Complete Application Development Suite
App Builder (x64) β Complete Application Development Suite 2025.7 (64-bit)
-
Opera
Opera 32.1 (64-bit)
-
WinRAR for Windows
WinRAR for Windows 1.9 (64-bit)
-
Face Swap β AI Photo Editor (Pro Mod APK)
Face Swap β AI Photo Editor (Pro Mod APK) v1.1.5 (Android)
-
microG Services (Signed APK)
microG Services (Signed APK) v0.3.1.4.240913 (Android)
Featured
-
β‘ ZigStrike β Network Simulation & Stress Testing Toolkit
β‘ ZigStrike β Network Simulation & Stress Testing Toolkit Latest (64-bit)
-
Grub2Win 2.4.2.10 β Advanced Boot Manager for Windows & Linux
Grub2Win 2.4.2.10 β Advanced Boot Manager for Windows & Linux 2.4.2.10 (Cross-platform)
-
Argente System Repair 1.0.1.2 β Comprehensive PC Optimization Tool
Argente System Repair 1.0.1.2 β Comprehensive PC Optimization Tool 1.0.1.2 (64-bit)
-
πΉοΈ CheatBook Issue 07/2025 + Database 2025 β Full Game Cheat Archive
πΉοΈ CheatBook Issue 07/2025 + Database 2025 β Full Game Cheat Archive 07/2025 (64-bit)
-
Acoustica Premium Edition 7.7.8 β Mastering & Audio Restoration Suite
Acoustica Premium Edition 7.7.8 β Mastering & Audio Restoration Suite 7.7.8 (Cross-platform)
