Veeam Product Vulnerability Announcement
(Q3 2024)
All vulnerabilities documented in this article are resolved in the latest version of each product.
Veeam Backup & Replication
Issue Details
All vulnerabilities disclosed in this section were discovered during internal testing (unless otherwise indicated) and are confirmed to affect Veeam Backup & Replication 12.1.2.
Veeam strongly recommends assuming that all previous (no longer supported) product versions are likely affected.
CVE-2024-40711
A vulnerability allowing unauthenticated remote code execution (RCE).
This vulnerability was reported via HackerOne.
Severity: Critical
CVSS v3.1 Score: 9.8CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE-2024-40713
A vulnerability that allows a user who has been assigned a low-privileged role within Veeam Backup & Replication to alter Multi-Factor Authentication (MFA) settings and bypass MFA.
Severity: High
CVSS v3.1 Score: 8.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2024-40710
A series of related high-severity vulnerabilities, the most notable enabling remote code execution (RCE) as the service account and extraction of sensitive information (saved credentials and passwords). Exploiting these vulnerabilities requires a user who has been assigned a low-privileged role within Veeam Backup & Replication.
Severity: High
CVSS v3.1 Score: 8.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2024-39718
A vulnerability that allows a low-privileged user to remotely remove files on the system with permissions equivalent to those of the service account.
Severity: High
CVSS v3.1 Score: 8.1CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
CVE-2024-40714
A vulnerability in TLS certificate validation allows an attacker on the same network to intercept sensitive credentials during restore operations.
Severity: High
CVSS v3.1 Score: 8.3CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2024-40712
A path traversal vulnerability allows an attacker with a low-privileged account and local access to the system to perform local privilege escalation (LPE).
Severity: High
CVSS v3.1 Score: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Solution
The vulnerabilities documented in this section were fixed starting in the following build:
Veeam Agent for Linux
Issue Details
The vulnerability disclosed in this section is confirmed to affect Veeam Agent for Linux 6.1.2.
Veeam strongly recommends assuming that all previous (no longer supported) product versions are likely affected.
CVE-2024-40709
A vulnerability that allows a local low-privileged user on the machine to escalate their privileges to root level.
This vulnerability was reported via HackerOne.
Severity: High
CVSS v3.1 Score: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Solution
The vulnerabilities documented in this section were fixed starting in the following build:
Veeam ONE
Issue Details
All vulnerabilities disclosed in this section were discovered during internal testing (unless otherwise indicated) and are confirmed to affect Veeam ONE 12.1.
Veeam strongly recommends assuming that all previous (no longer supported) product versions are likely affected.
CVE-2024-42024
A vulnerability that allows an attacker in possession of the Veeam ONE Agent service account credentials to perform remote code execution on the machine where the Veeam ONE Agent is installed.
This vulnerability was reported via HackerOne.
Severity: Critical
CVSS v3.1 Score: 9.1CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2024-42019
A vulnerability that allows an attacker to access the NTLM hash of the Veeam Reporter Service service account. This attack requires user interaction and data collected from Veeam Backup & Replication.
Severity: Critical
CVSS v3.1 Score: 9.0CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
CVE-2024-42023
A vulnerability that allows low-privileged users to execute code with Administrator privileges remotely.
Severity: High
CVSS v3.1 Score: 8.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2024-42021
A vulnerability that allows an attacker with valid access tokens to access saved credentials.
Severity: High
CVSS v3.1 Score: 7.5CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2024-42022
A vulnerability that allows an attacker to modify product configuration files.
Severity: High
CVSS v3.1 Score: 7.5CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2024-42020
A vulnerability in Reporter Widgets that allows HTML injection.
Severity: High
CVSS v3.1 Score: 7.3CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
Solution
The vulnerabilities documented in this section were fixed starting in the following build:
Veeam Service Provider Console
Issue Details
All vulnerabilities disclosed in this section were discovered during internal testing (unless otherwise indicated) and are confirmed to affect Veeam Service Provider Console 8.0.
Veeam strongly recommends assuming that all previous (no longer supported) product versions are likely affected.
CVE-2024-38650
A vulnerability that allows a low privileged attacker to access the NTLM hash of service account on the VSPC server.
This vulnerability was reported via HackerOne.
Severity: Critical
CVSS v3.1 Score: 9.9CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE-2024-39714
A vulnerability that permits a low-privileged user to upload arbitrary files to the server, leading to remote code execution on VSPC server.
This vulnerability was reported via HackerOne.
Severity: Critical
CVSS v3.1 Score: 9.9CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE-2024-39715
A vulnerability that allows a low-privileged user with REST API access granted to remotely upload arbitrary files to the VSPC server using REST API, leading to remote code execution on VSPC server.
This vulnerability was reported via HackerOne.
Severity: High
CVSS v3.1 Score: 8.5CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE-2024-38651
A vulnerability that permits a low-privileged user to overwrite files on that VSPC server, which can lead to remote code execution on VSPC server.
This vulnerability was reported via HackerOne.
Severity: High
CVSS v3.1 Score: 8.5CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Solution
The vulnerabilities documented in this section were fixed starting in the following build:
Veeam Backup for Nutanix AHV
Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization
Issue Details
The vulnerability disclosed in this section was discovered during internal testing and is confirmed to affect:
- Veeam Backup for Nutanix AHV Plug-In 12.5
- Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization Plug-In 12.4
Veeam strongly recommends assuming that all previous (no longer supported) product versions are likely affected.
CVE-2024-40718
A vulnerability that allows a low-privileged user to perform local privilege escalation through exploiting an SSRF vulnerability.
Severity: High
CVSS v3.1 Score: 8.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Solution
The vulnerabilities documented in this section were fixed starting in the following build:
All vulnerabilities documented in this article are resolved in the latest version of each product.
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.