Veeam warns of critical RCE vulnerability CVE-2024-40711 in Backup & Replication

Veeam warns of a critical RCE vulnerability in Backup & Replication. Blog reader j. pointed out the vulnerability yesterday in the discussion area (thanks for that), but I had already heard about it elsewhere. The vulnerability CVE-2024-40711 has been rated with a CVSS score of 9.8, so it should be fixed as soon as possible. Veeam has therefore published corresponding updates to its Backup & Replication software to close this and the other vulnerabilities described in the bulletin. Several other Veeam products are affected by further vulnerabilities as well. Here is a brief overview of the topic.



Vulnerabilities in several products

Veeam published Security Bulletin kb4649 on September 4, 2024 and revised it again on September 5. The document discloses a whole series of vulnerabilities in various products. The following products should be updated promptly:

  • Veeam Backup & Replication
  • Veeam ONE
  • Veeam Service Provider Console
  • Veeam Agent for Linux
  • Veeam Backup for Nutanix AHV
  • Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization

RCE vulnerability CVE-2024-40711 and more

The following vulnerabilities affect Veeam Backup & Replication 12.1.2.172 and earlier builds of version 12 as well as older versions. Here is a brief overview:

  • CVE-2024-40711: The vulnerability mentioned above, an unauthenticated remote code execution (RCE) vulnerability reported by Florian Hauser of CODE WHITE GmbH. CVSS v3.1 Score: 9.8, critical. There are currently no technical details on this vulnerability.
  • CVE-2024-40713: A vulnerability that allows a user assigned a low privileged role in Veeam Backup & Replication to change multi-factor authentication (MFA) settings and bypass MFA. CVSS v3.1 Score: 8.8, high
  • CVE-2024-40710: A set of related high-severity vulnerabilities, one of which allows remote code execution (RCE) as a service account and extraction of sensitive information (stored credentials and passwords). Exploitation of these vulnerabilities requires a user assigned a low privileged role within Veeam Backup & Replication. CVSS v3.1 Score: 8.8, high
  • CVE-2024-39718: A vulnerability that allows a user with low privileges to remotely remove files on the system with the same permissions as the service account. CVSS v3.1 Score: 8.1, high
  • CVE-2024-40714: A vulnerability in TLS certificate validation allows an attacker on the same network to intercept sensitive credentials during recovery operations. CVSS v3.1 Score: 8.3, high
  • CVE-2024-40712: A path traversal vulnerability allows an attacker with a low privileged account and local access to the system to perform local privilege escalation (LPE). CVSS v3.1 Score: 7.8, high

All of the above vulnerabilities are fixed in Veeam Backup & Replication 12.2 (build 12.2.0.334). Details, including the vulnerabilities in the other Veeam products listed above, can be found in Security Bulletin kb4649.
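Since the bulletin gives both the last affected build (12.1.2.172 and every earlier 12.x build, plus older major versions) and the fixed build (12.2.0.334), the practical check is a build comparison across your Backup & Replication servers. The following is an added example for this post, not Veeam's own code or tooling: it parses dotted build strings, treats anything below 12.2.0.334 as needing the update, and buckets a constructed sample inventory (the host names and builds below are made up, not real systems) into patch / ok / unknown.

```python
"""Triage Veeam Backup & Replication builds against the fixed build
named in Security Bulletin kb4649 (12.2.0.334).

Added example, not Veeam's code. Assumes build numbers are dotted
numeric strings as printed in the bulletin; the inventory is constructed
sample data."""

from __future__ import annotations

# From the bulletin: all CVEs listed above are fixed in this build.
FIXED_BUILD = "12.2.0.334"


def parse_build(build: str) -> tuple[int, int, int, int]:
    """Turn '12.1.2.172' into (12, 1, 2, 172).

    Missing trailing components are padded with 0, so an incomplete
    '12.2' compares as 12.2.0.0 and is treated as not yet fixed (the
    conservative choice for inventory data). Raises ValueError on
    non-numeric or empty input."""
    parts = [int(p) for p in build.strip().split(".") if p != ""]
    if not parts or len(parts) > 4:
        raise ValueError(f"unexpected build string: {build!r}")
    parts += [0] * (4 - len(parts))
    return tuple(parts)  # type: ignore[return-value]


def is_affected(build: str) -> bool:
    """True when the build predates 12.2.0.334.

    Per the bulletin, 12.1.2.172 and all earlier version 12 builds as
    well as older versions are affected, so a plain numeric comparison
    against the fixed build is sufficient."""
    return parse_build(build) < parse_build(FIXED_BUILD)


def triage(inventory: list[dict[str, str]]) -> dict[str, list[str]]:
    """Bucket hosts into 'patch', 'ok' and 'unknown' (unparseable build)."""
    result: dict[str, list[str]] = {"patch": [], "ok": [], "unknown": []}
    for host in inventory:
        name = host.get("name", "?")
        try:
            bucket = "patch" if is_affected(host["build"]) else "ok"
        except (KeyError, ValueError):
            bucket = "unknown"
        result[bucket].append(name)
    return result


# Constructed sample inventory (hypothetical hosts and builds).
SAMPLE_INVENTORY = [
    {"name": "vbr-prod-01", "build": "12.1.2.172"},   # last affected build
    {"name": "vbr-prod-02", "build": "12.2.0.334"},   # fixed build
    {"name": "vbr-dr-01", "build": "12.0.0.1"},       # earlier 12.x build
    {"name": "vbr-lab-01", "build": "11.0.0.1"},      # older major version
    {"name": "vbr-legacy", "build": "n/a"},           # no usable data
]


if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket:>8}: {', '.join(hosts) or '-'}")
```

Feed it whatever your inventory source exports (CMDB, monitoring, or the version shown in the B&R console) and act on the "patch" and "unknown" buckets; "unknown" hosts are the ones where the version could not be determined and deserve a manual look rather than being silently skipped.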


