Wilson's Media

A Tech & Gaming Blog

Veeam patches multiple critical remote code execution flaws

Data backup and cloud data management company Veeam said it released multiple patches which fix more than a dozen flaws impacting different products. In a security advisory published earlier this week, Veeam said that it fixed a total of 18 bugs, five of which were deemed critical in severity.

The first one is an unauthenticated remote code execution vulnerability found in Veeam Backup & Replication. It is tracked as CVE-2024-40711 and carries a severity score of 9.8. The second and third flaw are found in Veeam ONE. CVE-2024-42024, with a severity score of 9.1, allows threat actors owning Agent service account credentials to run remote code execution.

CVE-2024-42019, on the other hand, has a slightly lower severity score (9.0), and allows threat actors to access the NTLM hash of the Veeam Reporter Service account.

Secure versions

Then there is a 9.9 severity bug in Veeam Service Provider Console, which grants low privileged attackers access to the NTLM hash of the service account on the server. This one is tracked as CVE-2024-38650. Finally, CVE-2024-39714, also a 9.9 flaw, is found in the same software, and grants low-privileged users the ability to upload arbitrary files.

Other 13 flaws are mostly high-severity, granting multi-factor authentication (MFA) bypass, privilege escalation, remote code execution (RCE), and more.

To ensure the security of their infrastructure, users are advised to update their software to the following versions:

  • Veeam Backup & Replication 12.2 (build 12.2.0.334)
  • Veeam Agent for Linux 6.2 (build 6.2.0.101)
  • Veeam ONE v12.2 (build 12.2.0.4093)
  • Veeam Service Provider Console v8.1 (build 8.1.0.21377)
  • Veeam Backup for Nutanix AHV Plug-In v12.6.0.632
  • Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization Plug-In v12.5.0.299

Via The Hacker News

More from TechRadar Pro


Source

Data backup and cloud data management company Veeam said it released multiple patches which fix more than a dozen flaws impacting different products. In a security advisory published earlier this week, Veeam said that it fixed a total of 18 bugs, five of which were deemed critical in severity. The…

Tags: ,
Previous Post
Next Post

Leave a Reply

Your email address will not be published. Required fields are marked *

Recent Posts

Archives