{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2024-048.pdf"
    },
    "title": "Critical Vulnerability in Veeam Backup Enterprise Manager",
    "serial_number": "2024-048",
    "publish_date": "22-05-2024 17:54:05",
    "description": "On May 21, 2024, Veeam issued fixes addressing multiple security flaws in Veeam Backup Enterprise Manager, including a critical vulnerability allowing unauthenticated attackers to bypass authentication and gain access to the web interface as any user.<br>\n",
    "url_title": "2024-048",
    "content_markdown": "---\ntitle: 'Critical Vulnerability in\u00a0Veeam Backup\u00a0Enterprise\u00a0Manager'\nnumber: '2024-048'\nversion: '1.0'\noriginal_date: 'May 21, 2024'\ndate: 'May 22, 2024'\n---\n\n_History:_\n\n* _22/05/2024 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn May 21, 2024, Veeam issued fixes addressing multiple security flaws in Veeam Backup Enterprise Manager, including a critical vulnerability allowing unauthenticated attackers to bypass authentication and gain access to the web interface as any user.\n\n# Technical Details\n\nThe vulnerability `CVE-2024-29849`, with a CVSS score of 9.8, could allow an unauthenticated attacker to log in to the Veeam Backup Enterprise Manager web interface as any user. The flaw lies in the authentication mechanism of the web interface.\n\nThe vulnerability `CVE-2024-29850`, with a CVSS score of 8.8, could allow account takeover via NTLM relay.\n\nThe vulnerability `CVE-2024-29851`, with a CVSS score of 7.2, could allow a high-privileged user to steal the NTLM hash of the Veeam Backup Enterprise Manager service account if that service account is anything other than the default `Local System` account.\n\n# Affected Products\n\nVeeam Backup Enterprise Manager versions prior to `12.1.2.172` are affected.\n\n# Recommendations\n\nIt is strongly advised to upgrade to the latest version as soon as possible.\n\n## Workaround\n\nFor customers who are unable to upgrade Veeam Backup Enterprise Manager immediately, it is possible to mitigate these vulnerabilities by halting the Veeam Backup Enterprise Manager software.\n\nTo do so, the following services should be stopped and disabled:\n\n- VeeamEnterpriseManagerSvc (Veeam Backup Enterprise Manager);\n- VeeamRESTSvc (Veeam RESTful API Service).\n\n# References\n\n[1] <https://thehackernews.com/2024/05/critical-veeam-backup-enterprise.html>\n\n[2] <https://www.veeam.com/kb4581>\n",
    "content_html": "<p><em>History:</em></p><ul><li><em>22/05/2024 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On May 21, 2024, Veeam issued fixes addressing multiple security flaws in Veeam Backup Enterprise Manager, including a critical vulnerability allowing unauthenticated attackers to bypass authentication and gain access to the web interface as any user.</p><h2 id=\"technical-details\">Technical Details</h2><p>The vulnerability <code>CVE-2024-29849</code>, with a CVSS score of 9.8, could allow an unauthenticated attacker to log in to the Veeam Backup Enterprise Manager web interface as any user. The flaw lies in the authentication mechanism of the web interface.</p><p>The vulnerability <code>CVE-2024-29850</code>, with a CVSS score of 8.8, could allow account takeover via NTLM relay.</p><p>The vulnerability <code>CVE-2024-29851</code>, with a CVSS score of 7.2, could allow a high-privileged user to steal the NTLM hash of the Veeam Backup Enterprise Manager service account if that service account is anything other than the default <code>Local System</code> account.</p><h2 id=\"affected-products\">Affected Products</h2><p>Veeam Backup Enterprise Manager versions prior to <code>12.1.2.172</code> are affected.</p><h2 id=\"recommendations\">Recommendations</h2><p>It is strongly advised to upgrade to the latest version as soon as possible.</p><h3 id=\"workaround\">Workaround</h3><p>For customers who are unable to upgrade Veeam Backup Enterprise Manager immediately, it is possible to mitigate these vulnerabilities by halting the Veeam Backup Enterprise Manager software.</p><p>To do so, the following services should be stopped and disabled:</p><ul><li>VeeamEnterpriseManagerSvc (Veeam Backup Enterprise Manager);</li><li>VeeamRESTSvc (Veeam RESTful API Service).</li></ul><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://thehackernews.com/2024/05/critical-veeam-backup-enterprise.html\">https://thehackernews.com/2024/05/critical-veeam-backup-enterprise.html</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.veeam.com/kb4581\">https://www.veeam.com/kb4581</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}