CVE-2024-29849 Critical Authentication Bypass in Veeam Backup Enterprise Manager (Linux)

Uncredentialed attackers could gain administrative control of backup infrastructure

📢 Advisory Summary

Vendor: Veeam

Affected Product: Backup Enterprise Manager (All versions ≤ 12.1.2.172)

Vulnerability Type: Authentication Bypass (CWE-287)

CVSSv3 Score: 9.8 (Critical)

Attack Vector: Network-accessible HTTP interface

🔍 Technical Impact

Successful exploitation allows:
✓ Full administrative access to backup management console
✓ Unauthorized data restoration/deletion
✓ Potential credential harvesting from backup jobs
✓ Chain attacks with other vulnerabilities

🛡️ Mitigation Steps

Immediate Action: Upgrade to Veeam Backup Enterprise Manager 12.1.3 or later

Interim Measures:

Restrict network access to TCP ports 9392/tcp (web UI)

Enable MFA for all backup administrator accounts

Audit logs for [Unauthorized] AdminLogin events

Detection: Monitor for anomalous login patterns from unexpected IPs

📌 Vendor Response

Veeam has released patches and published KB article [KB4567]. No workarounds exist for unpatched systems.

📚 Additional Resources

Veeam Security Advisory VSA-2024-0123

MITRE CVE Entry

NVD Analysis

#Cybersecurity #Veeam #PatchNow #CVE202429849 #InfoSec