Backup solutions from Veeam: Attackers can bypass MFA

Attackers can exploit several vulnerabilities in Veeam Backup & Replication, ONE and Co. Versions secured against this are available.


The backup solutions Veeam Agent for Linux, Backup for Nutanix AHV, Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization, Backup & Replication, ONE and Service Provider Console are vulnerable and attackers can completely compromise systems in the worst case.

The developers list information on the vulnerabilities in a post. Attackers can, for example, execute malicious code in Veeam Backup & Replication (CVE-2024-40711, "critical") or bypass multi-factor authentication (MFA) with low user rights (CVE-2024-40713, "high"). How attacks could work in detail is not yet known.


Agent for Linux is also vulnerable to root attacks (CVE-2024-40709, "high"). If an attacker can access the ONE service account, remote malware attacks are conceivable (CVE-2024-42024, "critical"). In Service Provider Console, attackers can, for example, access NTLM hashes of service accounts (CVE-2024-38650, "critical") or execute malicious code on servers (CVE-2024-39714, "critical").

Admins should install the available security updates promptly for security reasons. So far, those responsible have not reported any attacks. Unfortunately, they also do not provide any details on how admins can detect systems that have already been attacked.

Versions secured against the attacks described are:

  • Agent for Linux 6.2 (build 6.2.0.101)
  • Backup & Replication 12.2 (build 12.2.0.334)
  • ONE v12.2 (build 12.2.0.4093)
  • Service Provider Console v8.1 (build 8.1.0.21377)
  • Backup for Nutanix AHV Plug-In v12.6.0.632
  • Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization Plug-In v12.5.0.299

(des)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.