On 21 May 2024, Veeam disclosed a critical vulnerability in Veeam Backup Enterprise Manager, identified as CVE-2024-29849. The flaw allows an unauthenticated threat actor to log into the web interface as any user and carries a Common Vulnerability Scoring System (CVSS) score of 9.8. Veeam Backup Enterprise Manager is an optional add-on application used to manage Veeam Backup & Replication through a web console.
There have been no reports of active exploitation in the wild, and Arctic Wolf has not identified a proof-of-concept (PoC) exploit for this vulnerability. Nonetheless, threat actors could leverage CVE-2024-29849 to gain unauthorised access to sensitive data, manipulate data, or disrupt operations. While this vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog, several other Veeam vulnerabilities have been exploited in the past, such as CVE-2023-27532, which was exploited by ransomware threat actors in 2023.
Recommendations for CVE-2024-29849
Upgrade To a Fixed Version of Veeam Backup Enterprise Manager
Arctic Wolf strongly recommends upgrading to Veeam Backup Enterprise Manager version 12.1.2.172, which addresses CVE-2024-29849. Please follow your organisation's patching and testing guidelines to avoid any operational impact.
| Affected Product | Affected Versions | Fixed Version |
| --- | --- | --- |
| Veeam Backup Enterprise Manager | 5.0, 6.1, 6.5, 7.0, 8.0, 9.0, 9.5, 10, 11, 12, 12.1 | 12.1.2.172 |
Workaround(s)
If upgrading immediately is not feasible, the risk can be mitigated by stopping and disabling the 'VeeamEnterpriseManagerSvc' and 'VeeamRESTSvc' services on the Enterprise Manager server; this takes the Enterprise Manager web console offline until the services are re-enabled after upgrading. Do not stop the 'Veeam Backup Server RESTful API Service'.
- Additionally, Veeam recommends uninstalling Backup Enterprise Manager if it is not in use within your environment, as it is an optional add-on application.
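The following PowerShell script is an added example, not code from Arctic Wolf or Veeam. It ties the two recommendations above together: it reads the version of the Enterprise Manager service binary, and if that version is below the fixed release it applies the service workaround while refusing to touch the service the advisory says must keep running. The service names 'VeeamEnterpriseManagerSvc' and 'VeeamRESTSvc' and the display name 'Veeam Backup Server RESTful API Service' are taken from the advisory; the assumption that the service executable's file version tracks the product version (12.1.2.172 for the fix) is mine, as is the requirement that the script run in an elevated session on the Enterprise Manager host.

```powershell
# Added example (not Veeam's or Arctic Wolf's tooling). Run elevated on the
# Enterprise Manager server. Assumption: the file version of the
# VeeamEnterpriseManagerSvc executable matches the installed product version.
$FixedVersion         = [version]'12.1.2.172'                      # from the advisory
$ServicesToDisable    = @('VeeamEnterpriseManagerSvc', 'VeeamRESTSvc')  # from the advisory
$ProtectedDisplayName = 'Veeam Backup Server RESTful API Service'  # must stay running

function Get-EnterpriseManagerVersion {
    # Locate the Enterprise Manager service binary and read its file version.
    # Returns $null when the service is not installed on this host.
    $svc = Get-CimInstance Win32_Service -Filter "Name='VeeamEnterpriseManagerSvc'"
    if (-not $svc) { return $null }

    # PathName may be quoted and may carry arguments; keep only the executable path.
    $exe = if ($svc.PathName -match '^"([^"]+)"') { $Matches[1] } else { ($svc.PathName -split ' ')[0] }

    $vi = (Get-Item -LiteralPath $exe).VersionInfo
    # Build a System.Version from the numeric parts so trailing text in the
    # version string cannot break the comparison.
    [version]::new($vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)
}

function Test-NeedsWorkaround {
    param([version]$Installed)
    # Nothing installed means nothing to mitigate.
    if ($null -eq $Installed) { return $false }
    return $Installed -lt $FixedVersion
}

function Invoke-Workaround {
    foreach ($name in $ServicesToDisable) {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if (-not $svc) {
            Write-Warning "Service '$name' not present on this host; skipping."
            continue
        }
        # Safety check: never stop the backup server's RESTful API service,
        # even if a service name on the list were ever to resolve to it.
        if ($svc.DisplayName -eq $ProtectedDisplayName) {
            throw "Refusing to stop '$($svc.DisplayName)'; the advisory requires it to keep running."
        }
        # -Force also stops services that depend on this one, which is acceptable
        # here because both Enterprise Manager services are being disabled anyway.
        Stop-Service -Name $name -Force
        Set-Service  -Name $name -StartupType Disabled
        Write-Host "Stopped and disabled '$name' ($($svc.DisplayName))."
    }
}

$installed = Get-EnterpriseManagerVersion
if ($null -eq $installed) {
    Write-Host 'VeeamEnterpriseManagerSvc not found; Enterprise Manager is not installed here.'
}
elseif (Test-NeedsWorkaround -Installed $installed) {
    Write-Host "Installed version $installed is below fixed version $FixedVersion; applying service workaround."
    Invoke-Workaround
}
else {
    Write-Host "Installed version $installed is at or above $FixedVersion; no workaround required."
}
```

Once the upgrade to 12.1.2.172 has been applied and verified, reverse the workaround with `Set-Service -Name <name> -StartupType Automatic` and `Start-Service` for each of the two services, otherwise the Enterprise Manager console remains unavailable.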