A critical vulnerability allows unauthenticated attackers to sign in to an account through Veeam Backup Enterprise Manager (VBEM).
Through VBEM’s console, administrators can manage Veeam Backup & Replication installations. Large organizations use the platform to manage backup tasks and restore operations. They gain visibility into all tasks running on backup servers and can search for machines and object storage systems. The platform can also control encryption and decryption processes.
VBEM is not set up by default for Veeam customers, so the new vulnerability does not affect every deployment.
Severity
Nevertheless, this is a serious vulnerability: it received a CVSS score of 9.8 out of a maximum of 10. Given what VBEM can do with backups and data, that rating is understandable. “This vulnerability in Veeam Backup Enterprise Manager allows an unauthenticated attacker to log in to the Veeam Backup Enterprise Manager web interface as any user,” the company explicitly states.
Veeam recommends that customers act as soon as possible. The simplest step is to install VBEM version 12.1.2.172, which fixes the vulnerability. Alternatively, Veeam mentions shutting VBEM down by disabling the VeeamEnterpriseManagerSvc and VeeamRESTSvc services. Finally, there is the option to uninstall VBEM.
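A defender-side check for the two mitigations above, as an added example that is not from the article or from Veeam: it reports whether the two VBEM services are present, running, and at or above the fixed build, and with -Mitigate stops and disables them on an unpatched host. It assumes administrator rights on the VBEM server and that each service binary carries the VBEM build number as its file version.

```powershell
# Added example (not from the article or Veeam): run as an administrator on the
# server hosting Veeam Backup Enterprise Manager to check exposure and, with
# -Mitigate, apply the interim mitigation of stopping and disabling the two
# VBEM services named by Veeam until 12.1.2.172 is installed.
param([switch]$Mitigate)

$FixedVersion = [version]'12.1.2.172'   # patched VBEM build named by Veeam
$Services     = @('VeeamEnterpriseManagerSvc', 'VeeamRESTSvc')

foreach ($name in $Services) {
    $svc = Get-CimInstance Win32_Service -Filter "Name='$name'"
    if (-not $svc) {
        Write-Output "$name : not installed (VBEM component absent)"
        continue
    }

    # Extract the executable path from the service command line (quoted or bare).
    $exe = if ($svc.PathName -match '^"([^"]+)"') { $Matches[1] }
           else { ($svc.PathName -split ' ')[0] }

    # Assumption: the binary's file version tracks the VBEM build number.
    $ver = $null
    try { $ver = [version](Get-Item $exe).VersionInfo.FileVersion } catch {}

    $status = if ($null -eq $ver) { 'version unknown, treat as VULNERABLE' }
              elseif ($ver -ge $FixedVersion) { 'patched' }
              else { 'VULNERABLE' }
    Write-Output "$name : $($svc.State), StartMode=$($svc.StartMode), version $ver ($status)"

    # Interim mitigation from the advisory: take the service offline and keep it off.
    if ($Mitigate -and ($null -eq $ver -or $ver -lt $FixedVersion)) {
        Stop-Service -Name $name -Force
        Set-Service  -Name $name -StartupType Disabled
        Write-Output "$name : stopped and disabled pending upgrade to $FixedVersion"
    }
}
```

Re-enable the services (Set-Service -StartupType Automatic) only after the upgrade to 12.1.2.172 has been verified.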
Veeam has recently been expanding its platform to include ransomware mitigation options. It recently acquired Coveware, which offers incident response services; Coveware handles ransomware assessment and negotiation to end downtime quickly.