Intercepting Sensitive Credentials During Restore Operations
CVE-2024-40714

8.3HIGH

Key Information:

Vendor: Veeam
Status: Backup And Recovery
Vendor: CVE Published:; 7 September 2024

Summary

An improper certificate validation vulnerability has been identified in Veeam Backup & Replication, where inadequate checks during TLS certificate validation can be exploited by an attacker on the same network. This flaw potentially allows unauthorized interception of sensitive credentials during restore operations, posing a serious security threat to data integrity and confidentiality in enterprise environments.

Affected Version(s)

Backup and Recovery 12.1.2

References

https://www.veeam.com/kb4649

CVSS V3.1

Score:

8.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Sep 7, 2024
Vulnerability Reserved
Jul 9, 2024