
Critical Vulnerabilities Patched in Veeam Products

Alexander Ervik Johnsen CVE, patch, Veeam, Vulnerabilities 2024-09-07


On September 4, 2024, Veeam released a security bulletin announcing fixes for several vulnerabilities affecting various Veeam products. Arctic Wolf has highlighted five of these vulnerabilities, which are classified as critical.

| Vulnerability | CVSS | Affected Product | Description |
|---|---|---|---|
| CVE-2024-40711 | 9.8 | Veeam Backup and Replication | Enables an unauthenticated attacker to achieve remote code execution (RCE). |
| CVE-2024-42024 | 9.1 | Veeam ONE | Allows an attacker with Veeam ONE Agent service account credentials to achieve RCE on the machine where the Veeam ONE Agent is installed. |
| CVE-2024-42019 | 9.0 | Veeam ONE | An attacker can exploit this vulnerability to obtain the NTLM hash of the Veeam Reporter Service account, but it requires user interaction and data from Veeam Backup & Replication. |
| CVE-2024-38650 | 9.9 | Veeam Service Provider Console | A vulnerability that allows access to the NTLM hash of a service account on the VSPC server by a low-privileged attacker. |
| CVE-2024-39714 | 9.9 | Veeam Service Provider Console | Enables RCE on the VSPC server by permitting a low-privileged user to upload arbitrary files to the server. |

Arctic Wolf has not observed any exploitation of these vulnerabilities in the wild and has not identified any publicly available proof of concept (PoC) exploit code. Veeam Backup & Replication, in particular, has been a frequent target for ransomware groups due to its critical role in backup and recovery. Given this historical targeting, threat actors may try to reverse engineer the patches and develop exploits to take advantage of these vulnerabilities in the near future. 

Recommendation 

Upgrade to Latest Fixed Version

Arctic Wolf strongly recommends that customers upgrade to the latest fixed version. 

| Product | Affected Version | Fixed Version |
|---|---|---|
| Veeam Backup and Replication | 12.1.2.172 and all earlier version 12 builds | 12.2 (build 12.2.0.334) |
| Veeam ONE | 12.1.0.3208 and all earlier version 12 builds | v12.2 (build 12.2.0.4093) |
| Veeam Service Provider Console | 8.0.0.19552 and all earlier version 8 builds | v8.1 (build 8.1.0.21377) |

Please follow your organization’s patching and testing guidelines to avoid any operational impact. 
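
To turn the version table into a patch-triage check, the following added example (not part of the original post, and not Veeam or Arctic Wolf tooling) classifies installed builds from an inventory export. The `host,product,build` CSV layout, the hostnames and sample builds, and the `unlisted` status for builds the table does not cover are assumptions made for illustration.

```python
import csv
import io

# Values copied from the advisory's version table:
# product -> (last affected build, first fixed build)
ADVISORY = {
    "Veeam Backup and Replication": ("12.1.2.172", "12.2.0.334"),
    "Veeam ONE": ("12.1.0.3208", "12.2.0.4093"),
    "Veeam Service Provider Console": ("8.0.0.19552", "8.1.0.21377"),
}


def parse_build(text):
    """Turn '12.1.2.172' into (12, 1, 2, 172) so builds compare numerically."""
    parts = text.strip().lstrip("vV").split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part build number: {text!r}")
    return tuple(int(p) for p in parts)


def classify(product, build):
    """Return 'affected', 'fixed' or 'unlisted' for one installed build."""
    if product not in ADVISORY:
        return "unlisted"
    last_affected, fixed = (parse_build(b) for b in ADVISORY[product])
    installed = parse_build(build)
    if installed[0] != fixed[0]:
        return "unlisted"   # the table only covers one major version per product
    if installed >= fixed:
        return "fixed"
    if installed <= last_affected:
        return "affected"
    return "unlisted"       # between the two listed builds: check with the vendor


def triage(inventory_csv):
    """Map each host in a 'host,product,build' CSV to its status."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["product"], r["build"]) for r in rows}


# Constructed sample inventory; hostnames and builds are made up.
SAMPLE = """host,product,build
vbr01,Veeam Backup and Replication,12.1.2.172
vbr02,Veeam Backup and Replication,12.2.0.334
one01,Veeam ONE,12.0.0.100
vspc01,Veeam Service Provider Console,8.1.0.21377
vbr-old,Veeam Backup and Replication,11.0.0.100
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `unlisted` fall outside what the table states (a different major version, or a build between the last affected and first fixed build) and need a manual check against the vendor bulletin.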

References 

  • Veeam Security Bulletin
