Veeam recently released a series of critical security updates for several of its solutions, including Veeam Backup & Replication, Veeam Service Provider Console and Veeam ONE. A total of 18 vulnerabilities have been fixed, aiming to strengthen the security of enterprise backup infrastructures.
Critical Vulnerability in Veeam Backup & Replication
The most high-profile patch addresses a critical vulnerability in Veeam Backup & Replication (VBR), a widely used tool for managing and securing backups within organizations. This vulnerability, CVE-2024-40711, can lead to remote code execution (RCE), allowing attackers to run malicious code on the server remotely without any authentication. That makes the solution an attractive target for attacks such as ransomware, in which attackers then move laterally within the network.
When attackers exploit this vulnerability, they can attack and encrypt the backups themselves, creating a ‘double’ extortion scenario. Businesses risk having their backups deleted or made inaccessible, leaving them in a vulnerable position and potentially forcing them to pay a ransom. In the past, notorious ransomware groups such as Conti, REvil, Maze, Egregor and BlackBasta have already attempted to exploit vulnerabilities in Veeam VBR.
The patched vulnerability affects Veeam VBR version 12.1.2.172 and all earlier versions starting with 12.0. Veeam strongly recommends that users update to version 12.2.0.334 immediately to minimize security risks.
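A small version triage helper for the affected range stated above (12.0 up to and including 12.1.2.172, fixed in 12.2.0.334). This is an added example, not Veeam's tooling; the hostnames and builds in the sample inventory are constructed, and builds the text does not cover (older than 12.0, or between 12.1.2.172 and 12.2.0.334) are reported separately rather than assumed safe.

```python
from typing import Dict, List, Tuple

# Version strings quoted in the advisory summary above.
AFFECTED_MIN = "12.0"         # earliest affected version stated
AFFECTED_MAX = "12.1.2.172"   # latest affected build stated
FIXED_VERSION = "12.2.0.334"  # build Veeam recommends updating to


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '12.1.2.172' into (12, 1, 2, 172). Shorter strings are padded
    with zeros so that '12.0' compares as (12, 0, 0, 0)."""
    parts = v.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {v!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (4 - len(nums))


def assess_vbr_version(installed: str) -> str:
    """Classify a VBR build as 'fixed', 'affected' or 'outside-stated-range'.
    'outside-stated-range' means the text above says nothing about this build;
    check it against Veeam's own advisory instead of treating it as safe."""
    v = parse_version(installed)
    if v >= parse_version(FIXED_VERSION):
        return "fixed"
    if parse_version(AFFECTED_MIN) <= v <= parse_version(AFFECTED_MAX):
        return "affected"
    return "outside-stated-range"


def hosts_needing_update(inventory: Dict[str, str]) -> List[str]:
    """Sorted hostnames whose build falls inside the stated affected range."""
    return sorted(h for h, ver in inventory.items()
                  if assess_vbr_version(ver) == "affected")


# Constructed sample inventory (hostnames and builds are made up).
SAMPLE_INVENTORY = {
    "vbr-prod-01": "12.1.2.172",
    "vbr-prod-02": "12.0.0.1",
    "vbr-lab-01": "12.2.0.334",
    "vbr-legacy-01": "11.0.1.5",
}

if __name__ == "__main__":
    for host, build in SAMPLE_INVENTORY.items():
        print(f"{host}: {build} -> {assess_vbr_version(build)}")
    print("needs update:", hosts_needing_update(SAMPLE_INVENTORY))
```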
Additional Patches for Veeam Backup & Replication
In addition to the critical vulnerability mentioned above, Veeam has also addressed five other security issues in Veeam VBR. These vulnerabilities, designated CVE-2024-40710, CVE-2024-40713, CVE-2024-40714, CVE-2024-39718 and CVE-2024-40712, are classified as “high” risk, affect version 12.1.2.172 and older, and have been patched in the update.
Veeam Service Provider Console
Veeam Service Provider Console, a widely used backup management solution for service providers, has also received important security updates. Vulnerability CVE-2024-38650, which allowed attackers with low user privileges to access the NTLM hash of the service account on the VSPC server, has been fixed. In addition, CVE-2024-39714 has been addressed, so that a user with low privileges can no longer upload arbitrary files to the server and use them to achieve RCE.
Patches for Veeam ONE
Veeam ONE, a monitoring and analysis solution for backup environments, also received important security updates. Vulnerability CVE-2024-42024, which allowed attackers to achieve RCE on the host machine via a ONE Agent service account, has been fixed. Additionally, CVE-2024-42019, which allowed attackers to access the NTLM hash of the Reporter Service account after earlier data collection via Veeam VBR, has been patched.
Why These Updates Are Important
This series of patches highlights the importance of regular updates for organizations using Veeam solutions to protect their backups and critical data. Fixed vulnerabilities pose a real risk to businesses and can lead to serious breaches, especially when ransomware groups exploit such weaknesses.
To keep your infrastructure secure, IT administrators are advised to update all Veeam solutions to the latest versions as soon as possible. Performing these updates is critical to preventing attacks and ensuring the integrity of corporate data. Fortunately for all of us, this is “super logical”, and the customers still using Veeam are all patched.
If you need help, we are happy to help!