Summary
Veeam has announced, through a security bulletin, 4 vulnerabilities, one of them rated "critical", in the Backup Enterprise Manager product; they could allow a remote user to obtain elevated privileges on target systems.
Note (updated 06/11/2024): a Proof of Concept (PoC) for the exploitation of the CVE-2024-29849 vulnerability is available online.
Risk
Vulnerability impact estimate on the reference community: SEVERE/RED (79.28/100) [1] (updated 06/11/2024)
Type
- Privilege Escalation
Affected products and versions
Backup Enterprise Manager, versions prior to build 12.1.2.172
Mitigation actions
In line with the vendor's statements, it is recommended to update vulnerable products following the indications of the security bulletin listed in the References section.
Unique Vulnerability Identifiers
Only the CVEs for the "Critical" and "High" severity vulnerabilities are listed here:
References
[1] This estimate is made taking into account several parameters, including: CVSS, availability of patches/workarounds and PoC, and diffusion of the affected software/devices in the reference community.