Veeam Recovery Orchestrator Authentication Bypass Vulnerability
CVE-2024-29855
Key Information:
- Vendor: Veeam
- Status: Vendor
- CVE Published: 11 June 2024
Summary
The Veeam Recovery Orchestrator Authentication Bypass Vulnerability (CVE-2024-29855) allows unauthenticated attackers to log in to the Veeam Recovery Orchestrator web UI with administrative privileges because the application uses a hardcoded JSON Web Token (JWT) signing secret. A proof-of-concept (PoC) exploit has been released by a security researcher, making the vulnerability easier to exploit than initially suggested. The vulnerability impacts Veeam Recovery Orchestrator (VRO) versions 7.0.0.337 and 7.1.0.205 and older. Upgrading to the patched versions 7.1.0.230 and 7.0.0.379 is recommended to mitigate the risk. Because the exploit is publicly available, attackers may attempt to use it against unpatched systems, so the available security updates should be applied as soon as possible.
Affected Version(s)
Recovery Orchestrator 7.1.0.230
Recovery Orchestrator 7.0.0.379
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which can lead to ransomware.
News Articles
- Summoning Team: Exploiting Veeam Recovery Orchestrator Authentication Bypass CVE-2024-29855 (8 months ago)
- Exploit for Veeam Recovery Orchestrator auth bypass available, patch now: A proof-of-concept (PoC) exploit for a critical Veeam Recovery Orchestrator authentication bypass vulnerability tracked as CVE-2024-29855 has been released, elevating the risk of being exploited in attacks. (8 months ago)
- WARNING: A CRITICAL VULNERABILITY AFFECTS VEEAM RECOVERY ORCHESTRATOR, PATCH IMMEDIATELY! CVE-2024-29855: Hijacking of administrative privileges (8 months ago)
Timeline
- 🟡 Public PoC available
- 👾 Exploit known to exist
- Vulnerability published
- 📰 First article discovered by Veeam Community
- Vulnerability Reserved