Veeam has provided security updates to 18 critical vulnerabilities in various solutions. These include patches for Veeam Backup & Replication, Veeam Service Provider Console and Veeam One.
According to Veeam, the September 2024 patches primarily fix a very critical vulnerability in its enterprise backup infrastructure management and security tool Veeam Backup & Replication (VBR).
The vulnerability in question CVE-2024-40711 can lead to remote code execution (RCE) and can be exploited without authentication. This makes it an attack vector for lateral movement and thus very suitable for ransomware attacks.
Backups can be attacked and encrypted with it, leaving victims susceptible to so-called “double” extortion attacks. This by deleting or encrypting backups, leaving victims with no choice but to pay. Well-known ransomware gangs such as Conti, REvil, Maze, Egregor and BlackBasta are said to have targeted vulnerabilities in Veeam VBR in the past.
The current patched vulnerability targets Veeam VBR version 12.1.2.172 and all earlier versions starting with 12.0. Users should immediately update to version 12.2.0.334, according to Veeam.
In addition to this critical patch, five other vulnerabilities for Veeam VBR, version 12.1.2.172 and older, have also been provided with a security update. These patches fix the vulnerabilities indicated as ‘high’ CVE-2024-40710, CVE-2024-40713, CVE-2024-40714, CVE-2024-39718 and CVE-2024-40712.
More patches
Patches have also been released for Veeam’s Service Provider Console, version 8.1.0.21377 and older. This primarily involves vulnerability CVE-2024-38650 that allows low-privileged attackers to access the NTLM hash of the service account on the VSPC server.
The second critical vulnerability fixed for this Veeam product is CVE-2024-39714. This allows a user with low privileges to upload arbitrary files to the server, enabling RCE.
Patches for Veeam ONE
Furthermore, Veeam has released patches for Veeam ONE, version 12.1.0.3208 and older. For this, first, the vulnerability CVE-2024-42024 has been fixed. This allows attackers with ONE Agent service account login credentials to perform RCE on the host machine.
Finally, Veeam is patching the CVE-2024-42019 vulnerability in ONE. This vulnerability allows hackers to access the NTLM hash of the Reporter Service account. This does require previous data collection via Veeam VBR.
Also read: Veeam Backup for Microsoft 365 v8 strengthens immutable backups