Patch now! Veeam Backup Enterprise Manager at risk from attacks
Because exploit code for a critical vulnerability in Veeam Backup Enterprise Manager is now in circulation, attacks may be imminent.
Updates are available.
(Image: Created with AI in Bing Designer by heise online / dmk)
Admins who manage backup instances in companies using Veeam Backup Enterprise Manager should update the application quickly. If this is not done, attackers can exploit a vulnerability and authenticate themselves as any user without logging into the web interface.
The vulnerability (CVE-2024-29849) is classified as "critical". It has been known since the end of May 2024. The developers state that they have closed the vulnerability in version 12.1.2.172. Four other vulnerabilities were also closed in this release. If attackers successfully exploit these vulnerabilities, they can take over existing accounts or gain unauthorized access to backup logs, among other things.
Beware of attacks
Exploit code written by a security researcher is now in circulation and can be abused by cyber criminals. According to him, the vulnerability is in the Veeam.Backup.Enterprise.RestAPIService.exe service. The service serves as a REST API for the main web application and listens on TCP port 9398. To initiate an attack, attackers must send a crafted VMware single sign-on (SSO) token to the vulnerable service via the API.
Because Veeam does not verify the token, they can impersonate the admin. The security researcher's report provides further details on the vulnerability and explains how an attack can take place.
Patch now!
So far, there are no reports of ongoing attacks. However, as this can change at any time, admins should act immediately and install the secure version of Veeam Backup Enterprise Manager.
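The following Python script is an added example and is not code from the heise article, from Veeam, or from the researcher's report. It ranks a fleet of Enterprise Manager instances by patch urgency using the two figures the article names, the fixed build 12.1.2.172 and the REST API port 9398. The hostnames, the installed builds and the rest_api_reachable flag (whether an admin has determined that TCP 9398 is reachable from outside the management network) are constructed assumptions for the demonstration.

```python
"""Added example, not code from the heise article or from Veeam: an offline
inventory triage for CVE-2024-29849 that compares installed Veeam Backup
Enterprise Manager builds against the fixed build the article names."""
from __future__ import annotations

import re
from typing import Iterable

# First build the vendor states closes CVE-2024-29849 (figure from the article).
FIXED_VERSION = "12.1.2.172"
# TCP port of the Veeam.Backup.Enterprise.RestAPIService.exe REST API (from the article).
REST_API_PORT = 9398

_VERSION_RE = re.compile(r"^\s*v?(\d+(?:\.\d+)*)\s*$")


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '12.1.2.172' into (12, 1, 2, 172). Raises ValueError on anything else."""
    match = _VERSION_RE.match(text)
    if not match:
        raise ValueError(f"not a dotted version string: {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def _padded(parts: tuple[int, ...], width: int) -> tuple[int, ...]:
    # '12.1.2' is treated as 12.1.2.0 so shorter strings compare sensibly.
    return parts + (0,) * (width - len(parts))


def is_vulnerable(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed build predates the first fixed build."""
    inst, fix = parse_version(installed), parse_version(fixed)
    width = max(len(inst), len(fix))
    return _padded(inst, width) < _padded(fix, width)


def triage(inventory: Iterable[tuple[str, str, bool]]) -> list[dict]:
    """Rank Enterprise Manager hosts by patch urgency.

    Each inventory entry is (hostname, installed version, rest_api_reachable),
    where rest_api_reachable is the admin's own assessment of whether TCP 9398
    can be reached from outside the management network (a hypothetical field,
    not something the article defines). Unparseable versions are treated as
    unpatched so they are never silently skipped.
    """
    rows = []
    for host, version, reachable in inventory:
        try:
            vulnerable, note = is_vulnerable(version), ""
        except ValueError as exc:
            vulnerable, note = True, f"unparseable version, treated as unpatched ({exc})"
        if vulnerable and reachable:
            priority, action = 2, f"patch immediately; restrict TCP {REST_API_PORT} until done"
        elif vulnerable:
            priority, action = 1, f"patch to {FIXED_VERSION} or later"
        else:
            priority, action = 0, "no action for CVE-2024-29849"
        rows.append({"host": host, "version": version, "vulnerable": vulnerable,
                     "rest_api_reachable": reachable, "priority": priority,
                     "action": action, "note": note})
    # Highest priority first; the stable sort keeps inventory order within a tier.
    rows.sort(key=lambda r: r["priority"], reverse=True)
    return rows


# Constructed sample inventory (hostnames and builds are made up for the example).
SAMPLE_INVENTORY = [
    ("bem-lab.example.internal", "12.1.2.172", True),
    ("bem-hq.example.internal", "12.1.1.56", True),
    ("bem-dr.example.internal", "12.0.0.1420", False),
    ("bem-old.example.internal", "unknown", False),
]

if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        flag = "VULNERABLE" if row["vulnerable"] else "ok"
        print(f'{row["priority"]} {row["host"]:<26} {row["version"]:<12} {flag:<10} {row["action"]}')
```

Feeding the script real data means exporting the installed build from each Enterprise Manager server and recording whether its REST port is reachable from untrusted networks; a build string that cannot be parsed is deliberately ranked as unpatched rather than dropped, because an unknown version is the case most likely to be an unmanaged or forgotten instance.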
(des)