Users of Veeam Backup Enterprise Manager are being urged to update to the latest version following the discovery of a critical security flaw that could allow an adversary to bypass authentication protections.
Tracked as CVE-2024-29849 (CVSS score: 9.8), the vulnerability could enable an unauthenticated attacker to log in to the Veeam Backup Enterprise Manager web interface as any user.
The company has also disclosed three other shortcomings impacting the same product:
- CVE-2024-29850 (CVSS score: 8.8), which makes account takeover possible through NTLM relay
- CVE-2024-29851 (CVSS score: 7.2), which allows a privileged user to steal the NTLM hash of the Veeam Backup Enterprise Manager service account if it is not configured to run as the default Local System account
- CVE-2024-29852 (CVSS score: 2.7), which allows a privileged user to read backup session logs
All the flaws have been resolved in version 12.1.2.172. That said, Veeam noted that deploying Veeam Backup Enterprise Manager is optional and that environments that do not have it installed are not impacted by the flaws.
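Because the fix is tied to a specific build and the component is optional, the practical question for an administrator is whether a given host has Enterprise Manager installed at all and, if so, whether it is at or above 12.1.2.172. The following PowerShell is an added example written for this article, not code from Veeam or from the original report; it assumes the product registers itself under the standard Windows Uninstall registry keys with a DisplayName containing "Veeam Backup Enterprise Manager" (the DisplayName pattern is an assumption and should be adjusted to match the environment).

```powershell
# Added example (not from the article or from Veeam): flags Veeam Backup
# Enterprise Manager installs older than the fixed build 12.1.2.172.
# Assumption: the product appears under the standard Uninstall keys with a
# DisplayName matching the pattern below; adjust the pattern if it differs.
$FixedVersion = [version]'12.1.2.172'
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Test-VeeamEnterpriseManagerPatched {
    param([string]$NamePattern = 'Veeam Backup Enterprise Manager')

    $installs = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like "*$NamePattern*" -and $_.DisplayVersion }

    if (-not $installs) {
        # Enterprise Manager is optional; a host without it is not affected.
        return [pscustomobject]@{ Installed = $false; Version = $null; Patched = $true }
    }

    foreach ($app in $installs) {
        # "-as [version]" yields $null instead of throwing on an unparseable string.
        $v = $app.DisplayVersion -as [version]
        if (-not $v) { continue }
        [pscustomobject]@{
            Installed = $true
            Version   = $v
            Patched   = ($v -ge $FixedVersion)   # version comparison, not string comparison
        }
    }
}

# Usage: run on each host that may carry the component, e.g. via Invoke-Command.
Test-VeeamEnterpriseManagerPatched | Format-Table -AutoSize
```

The comparison is done on a `[version]` object rather than on strings so that, for example, "12.1.10.x" is correctly ordered after "12.1.2.172"; a host that reports `Installed = $false` needs no action for these four CVEs.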
In recent months, the company has also resolved a local privilege escalation flaw impacting the Veeam Agent for Windows (CVE-2024-29853, CVSS score: 7.2) and a critical remote code execution bug impacting Veeam Service Provider Console (CVE-2024-29212, CVSS score: 9.9).
“Due to an unsafe deserialization method used by the Veeam Service Provider Console (VSPC) server in communication between the management agent and its components, under certain conditions, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine,” Veeam said of CVE-2024-29212.
Security flaws in Veeam Backup & Replication software (CVE-2023-27532, CVSS score: 7.5) have been exploited by threat actors such as FIN7 and Cuba to deploy malicious payloads, including ransomware, making it essential that users move quickly to patch the aforementioned vulnerabilities.
Some parts of this article are sourced from:
thehackernews.com