Critical Authentication Bypass Flaw Found in Veeam Backup Enterprise Manager

Veeam Backup Enterprise Manager is a centralized management and reporting tool designed to simplify the administration of Veeam Backup & Replication environments. A recent advisory published by the vendor has revealed a critical vulnerability, tracked as CVE-2024-29849 (CVSS score: 9.8), in Veeam Backup Enterprise Manager. The flaw allows an unauthenticated attacker to log in to the Veeam Backup Enterprise Manager web interface as any user, without supplying a username or password.

The company has also addressed three other vulnerabilities in Veeam Backup Enterprise Manager: CVE-2024-29850 (CVSS score: 8.8), account takeover via NTLM relay; CVE-2024-29851 (CVSS score: 7.2), theft of the NTLM hash of the Veeam Backup Enterprise Manager service account by a high-privileged user (which only applies when the service is not running as the default Local System account); and CVE-2024-29852 (CVSS score: 2.7), a high-privileged user reading backup session logs. All four have been fixed in version 12.1.2.172, and the company has also provided a mitigation for the critical authentication bypass flaw for installations that cannot be updated immediately.

It is important to note that the critical vulnerability can be mitigated, on hosts where Veeam Backup Enterprise Manager is not actively used, by halting the software: stop and disable the VeeamEnterpriseManagerSvc (Veeam Backup Enterprise Manager) and VeeamRESTSvc (Veeam RESTful API) services. Because the vulnerability is reachable over the web interface, this removes the exposed attack surface until the host is upgraded to the fixed version. The company strongly recommends patching all four vulnerabilities as soon as possible to prevent potential attacks. This serves as another timely reminder of the importance of keeping software up to date and applying security fixes continually.

Organizations that run Veeam Backup Enterprise Manager should confirm their installed build and either update to 12.1.2.172 or later, or halt the affected services, to keep their backup infrastructure and the data it protects safe.
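The following PowerShell script is an added example for the mitigation described above; it is not code from Veeam or from the advisory. It reports the state of the two services named in the advisory, optionally stops and disables them (only appropriate where Enterprise Manager is not in use), and compares the installed build against 12.1.2.172. The version check assumes, as an assumption not stated in the advisory, that the file version of the Enterprise Manager service executable tracks the product build number; if that does not hold for a given installation, confirm the version in Programs and Features instead. Run it from an elevated session on the Enterprise Manager host.

```powershell
# Added example (not Veeam's code): inventory, and optionally halt, the
# Veeam Backup Enterprise Manager services, then check the installed build.
# Assumes an elevated PowerShell session on the Enterprise Manager host.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Stop and disable the services. Only use this where Enterprise Manager
    # is not in use; supports -WhatIf so the change can be previewed.
    [switch]$Disable
)

# Fixed build from the advisory. Casting to [version] gives numeric, field-by-field
# comparison; a string comparison would order 12.1.10.x before 12.1.2.x.
$FixedBuild = [version]'12.1.2.172'

# Service names as given in the advisory.
$Services = 'VeeamEnterpriseManagerSvc', 'VeeamRESTSvc'

foreach ($name in $Services) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $svc) {
        Write-Host "$name : not installed on this host"
        continue
    }
    Write-Host ("{0} : {1}, startup type {2}" -f $name, $svc.Status, $svc.StartType)

    if ($Disable -and $PSCmdlet.ShouldProcess($name, 'Stop and disable service')) {
        Stop-Service -Name $name -Force
        Set-Service -Name $name -StartupType Disabled
        Write-Host "$name : stopped and disabled"
    }
}

# Build check. ASSUMPTION: the file version of the Enterprise Manager service
# binary tracks the product build number shown in Programs and Features.
$svcInfo = Get-CimInstance -ClassName Win32_Service -Filter "Name='VeeamEnterpriseManagerSvc'"
if ($svcInfo) {
    # PathName may be quoted and may carry arguments; keep only the executable path.
    $pathName = $svcInfo.PathName
    if ($pathName -match '^"([^"]+)"') {
        $exe = $Matches[1]
    } else {
        $exe = ($pathName -split ' ')[0]
    }

    if (Test-Path -LiteralPath $exe) {
        try {
            $installed = [version](Get-Item -LiteralPath $exe).VersionInfo.FileVersion
            if ($installed -lt $FixedBuild) {
                Write-Warning "Installed build $installed is older than $FixedBuild; update, or halt the services until you can."
            } else {
                Write-Host "Installed build $installed is at or above $FixedBuild."
            }
        } catch {
            Write-Warning "Could not parse a version from $exe; confirm the build in Programs and Features."
        }
    }
}
```

Run without arguments to audit only; add `-Disable -WhatIf` to see what would change, and `-Disable` to apply the halt. Disabling the services rather than only stopping them matters because a stopped service with an Automatic startup type comes back on reboot.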
