Veeam, a leading provider of data management solutions, issued a critical warning to its customers regarding a vulnerability discovered in its Backup Enterprise Manager (VBEM) platform. Tracked as CVE-2024-29849, this Veeam vulnerability allows unauthorized attackers access to any account through the VBEM system.
VBEM serves as a vital web-based tool for administrators, offering a centralized platform to manage Veeam Backup and Replication installations. It streamlines backup operations and facilitates restoration tasks across extensive backup infrastructures and organizational deployments.
Understanding the Veeam Vulnerability List
According to the official report, VBEM is not activated by default, meaning not all environments are vulnerable to exploits targeting CVE-2024-29849. However, Veeam has rated this vulnerability with a CVSS base score of 9.8, depending on the severity of its exploitability.
Alongside CVE-2024-29849, several other vulnerabilities have been identified in VBEM, including CVE-2024-29850, CVE-2024-29851, and CVE-2024-29852. These vulnerabilities vary in severity, with some allowing account takeovers and unauthorized access to sensitive data.
To address these security concerns, Veeam released a fix in its Veeam Backup Enterprise Manager version 12.1.2.172. This updated version is packaged with Veeam Backup and Replication 12.1.2 (build 12.1.2.172), providing a comprehensive solution to mitigate the identified vulnerabilities.
Mitigation Against the Veeam Vulnerabilities
Although immediate patching is recommended but for customers unable to so, Veeam recommends halting the VBEM software and disabling specific services associated with it. This temporary workaround helps minimize the risk of exploitation until the system is fully patched.
When uninstalling Veeam Backup Enterprise Manager, only the application is removed, leaving the configuration database and stored data intact. Reinstallation is easy with preconfigured settings, but manual deletion of the database is recommended if it won’t be reused.
Following are the steps to uninstall VBEM:
- From the Control Panel, navigate to Programs and Features.
- Find Veeam Backup and Replication, right-click, and select Uninstall.
- Ensure the checkbox next to Veeam Backup Enterprise Manager is selected, then click Remove.
Veeam also emphasized the importance of regular vulnerability testing, particularly against actively supported versions of Veeam Backup & Replication. By staying vigilant and proactive in addressing security vulnerabilities, organizations can enhance their overall cybersecurity posture and safeguard against potential threats.
It’s worth noting that additional vulnerabilities have been reported in Veeam products, such as the Veeam Service Provider Console (VSPC) server and Veeam Recovery Orchestrator. These vulnerabilities, including CVE-2024-29212 and CVE-2024-22022, highlight the importance of ongoing security assessments and prompt patching to mitigate potential risks.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
