Patch Now or Pay Later: Critical Veeam Security Flaws Demand Immediate Attention

Veeam Backup Enterprise Manager users need to update ASAP due to a critical security flaw (CVE-2024-29849) that lets attackers bypass authentication. With a CVSS score of 9.8, this bug is no joke. Other vulnerabilities have also been patched, so don’t wait—secure your systems now!

3P
Published: May 22, 2024 4:30 amAdded: August 16, 2024 at 1:41 amAssembled by: The Editor
Pro Dashboard

Hot Take:

It looks like Veeam’s backup system needs some backing up of its own! With a CVE score of 9.8, it’s clear that even cyber villains need a break from robbing banks to try their hand at hacking backup systems. Time to patch up, folks!

Key Points:

  • Critical flaw CVE-2024-29849 allows unauthorized access to Veeam Backup Enterprise Manager web interface.
  • Three other vulnerabilities (CVE-2024-29850, CVE-2024-29851, CVE-2024-29852) also present in the same product.
  • All issues are resolved in version 12.1.2.172 of Veeam Backup Enterprise Manager.
  • Recent fixes include CVE-2024-29853 (Veeam Agent for Windows) and CVE-2024-29212 (Veeam Service Provider Console).
  • Patching is crucial to avoid exploitation by threat actors like FIN7 and Cuba.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?