Unauthenticated Access to Veeam Backup Enterprise Manager
CVE-2024-29849
Key Information
- Vendor: Veeam
- Product: Backup & Replication
- CVE Published: 22 May 2024
What is CVE-2024-29849?
CVE-2024-29849 is a serious vulnerability affecting Veeam Backup Enterprise Manager, a widely used solution for managing data backup and recovery. It allows an unauthenticated user to log in to the Enterprise Manager web interface as any user, without proper authorization. Such unauthorized access can enable attackers to manipulate backup configurations, disrupt backup processes, and potentially cause data loss or corruption, posing a significant risk to the integrity and availability of organizational data.
Technical Details
The vulnerability arises from an improper implementation of the authentication mechanism in Veeam Backup Enterprise Manager. An attacker can exploit this flaw to bypass the normal login requirements and reach functionality intended only for authorized personnel. Because exploitation requires no prior authentication, the barrier to entry for attackers is significantly lowered. By leveraging this vulnerability, malicious actors can interact with the system in ways that have serious implications for an organization's backup management.
Impact of the Vulnerability
- Unauthorized Access: The most immediate impact of this vulnerability is that unauthorized users can access sensitive operations within Veeam Backup Enterprise Manager. This could lead to unauthorized changes to backup settings or access to sensitive backup data.
- Data Manipulation and Corruption: Attackers could modify backup configurations or delete essential backups, risking the loss of critical business data. This level of access can undermine the organization's disaster recovery capabilities and lead to significant operational disruptions.
- Increased Risk of Ransomware Attacks: With access to backup systems, attackers could escalate their efforts to deploy ransomware or other malicious payloads, targeting backups so that organizations are forced to pay a ransom to recover their data. This vulnerability therefore presents not only an immediate risk but could also contribute to broader security incidents orchestrated by organized cybercrime groups.
Affected Version(s)
- Backup & Replication < 12.1.2.172
- Backup & Replication < 11.0.1.1261 P20240304
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which can lead to ransomware.
News Articles
Expert released PoC exploit code for Veeam Backup Enterprise Manager flaw CVE-2024-29849. Patch it now!
A proof-of-concept (PoC) exploit code for a Veeam Backup Enterprise Manager authentication bypass flaw CVE-2024-29849 is publicly available.
7 months ago
Timeline
- Public PoC available
- Exploit known to exist
- Vulnerability started trending
- First article discovered by The Hacker News
- Vulnerability published