Critical Veeam Vulnerability Patched: Secure Your Backup Manager Before Hackers Do!

Dive into Veeam’s cyber snafu where anyone could waltz into accounts—no RSVP needed. This “come one, come all” bug scored a 9.8 on the uh-oh meter, but fear not, a patch is here. Just update or disable faster than you can say “uninvited guest”! #VeeamVulnerabilityVanquished

Hot Take:

Oh, joy, another “Whoopsie daisy!” in the cybersecurity world. Veeam just patched a vulnerability in their VBEM that could’ve turned any John Doe into an admin superhero, minus the cape. With a 9.8 severity score that sits just shy of cybersecurity Armageddon, we’re lucky the digital sky isn’t falling… yet.

Key Points:

  • Critical vulnerability CVE-2024-29849 found in Veeam Backup Enterprise Manager (VBEM) could let anyone become an admin without even trying hard.
  • VBEM is the central hub for managing large-scale backup operations – not your average Joe’s USB stick backup tool.
  • Fear not, the flaw isn’t in the wild – VBEM isn’t on by default, and there’s a patch ready for action.
  • Can’t patch right this second? Veeam suggests disabling certain services or just yanking the whole thing out (uninstall, that is).
  • Veeam’s also patched a couple of other no-goodnik flaws, because when it rains, it pours.

CVE ID: CVE-2024-29850
CVE state: PUBLISHED
CVE assigner short name: hackerone
CVE date updated: 05/22/2024
CVE description: Veeam Backup Enterprise Manager allows account takeover via NTLM relay.

CVE ID: CVE-2024-29849
CVE state: PUBLISHED
CVE assigner short name: hackerone
CVE date updated: 05/22/2024
CVE description: Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to enterprise manager web interface.

CVE ID: CVE-2024-29851
CVE state: PUBLISHED
CVE assigner short name: hackerone
CVE date updated: 05/22/2024
CVE description: Veeam Backup Enterprise Manager allows high-privileged users to steal NTLM hash of Enterprise manager service account.

Need to know more?

When Patching is Your Cardio

So, Veeam's been sweating bullets and has finally fixed a vulnerability that could've made their VBEM the Wild West of authentication bypasses. They've slapped a band-aid on CVE-2024-29849, a bug so bad it could've let any random keyboard warrior log in with full admin privileges. And since VBEM is like the Grand Central Station for enterprise backup management, you can imagine the chaos that would ensue if the wrong hands got on the controls.

Not All Doom and Gloom

Before you start panic-patching or throwing your computer out the window, take a breath. VBEM isn't even turned on by default, so the chances of this bug biting were not exactly sky-high. Still, Veeam's playing the better-safe-than-sorry card and urging folks to patch up pronto. If you can't, they've got a plan B: disable the VeeamEnterpriseManagerSvc and VeeamRESTSvc services. Or, if you're feeling particularly destructive, just nuke the whole thing by uninstalling VBEM. Sometimes, the simplest solutions are the most satisfying.
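
The plan-B mitigation above, as a PowerShell script that reports on the two services and disables them on request. This is an added example, not code from Veeam or the original article; it assumes the service names quoted above are the names registered on the host and that it runs in an elevated session. The `-Disable` switch is a parameter of this example only.

```powershell
#Requires -RunAsAdministrator
# Added example: audit, then optionally disable, the two VBEM services named in the article.
# Assumption: the names below match the service names registered on this host.
param(
    [switch]$Disable   # without -Disable the script only reports
)

$serviceNames = 'VeeamEnterpriseManagerSvc', 'VeeamRESTSvc'

$report = foreach ($name in $serviceNames) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $svc) {
        # Service absent: VBEM is not installed here (or was uninstalled).
        [pscustomobject]@{ Name = $name; Present = $false; Status = $null; StartType = $null; Exposed = $false }
        continue
    }

    if ($Disable) {
        # Disable first so the service cannot be started again, then stop it.
        Set-Service -Name $name -StartupType Disabled
        if ($svc.Status -ne 'Stopped') {
            Stop-Service -Name $name -Force
        }
        $svc = Get-Service -Name $name   # re-read state after the change
    }

    [pscustomobject]@{
        Name      = $name
        Present   = $true
        Status    = $svc.Status
        StartType = $svc.StartType
        # Still exposed if it is running or is able to start again.
        Exposed   = ($svc.Status -ne 'Stopped') -or ($svc.StartType -ne 'Disabled')
    }
}

$report | Format-Table -AutoSize

# Non-zero exit code lets a scheduled task or management tool flag hosts that still need attention.
if ($report.Exposed -contains $true) { exit 1 } else { exit 0 }
```

Run it without arguments first to see which hosts have VBEM services present and startable; rerun with `-Disable` only on hosts that cannot be patched yet.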

A Trifecta of Trouble

But wait, there's more! In a move that feels a bit like finding extra fries at the bottom of the bag, Veeam disclosed not one, but two additional vulnerabilities. CVE-2024-29850 is an account takeover via NTLM relay – think of it as a digital game of tag where you don't want to be "It." Then there's CVE-2024-29851, which lets high-rollers in the user hierarchy snatch the VBEM service account's NTLM hash. It's like stealing candy from a baby, if the baby were a highly secure enterprise management service.

From Sarajevo With Love

Our vigilant scribe, Sead Fadilpašić, hails from the scenic streets of Sarajevo. He’s been weaving tales of IT and cybersecurity for over a decade, with bylines in prestigious outlets like Al Jazeera Balkans. Not content with just reporting, he's also shaping young minds with content writing modules. So when Sead talks about ransomware gangs or data breaches, you listen – because it's not just news, it's a lesson in digital survival.