Veeam Urges Critical Update: Security Flaws Put Your Backup at Risk!

Veeam Backup Enterprise Manager users must update to the latest version due to a critical security flaw (CVE-2024-29849) that allows attackers to bypass authentication. Three other vulnerabilities have been identified, but all have been addressed in version 12.1.2.172. Update now to secure your system!

3P
Published: May 22, 2024 4:30 amAdded: August 16, 2024 at 10:48 amAssembled by: The Editor
Pro Dashboard

Hot Take:

Veeam just handed out vulnerability CVEs like candy on Halloween. Time to patch up those security gaps, folks, before the hackers treat themselves to your data!

Key Points:

  • Critical flaw CVE-2024-29849 allows attackers to bypass authentication in Veeam Backup Enterprise Manager.
  • Other notable flaws include CVE-2024-29850 (account takeover via NTLM relay), CVE-2024-29851 (NTLM hash theft), and CVE-2024-29852 (log reading).
  • All vulnerabilities are patched in version 12.1.2.172.
  • Veeam has also fixed CVE-2024-29853 (local privilege escalation) and CVE-2024-29212 (remote code execution) in other products.
  • Previous vulnerabilities in Veeam Backup & Replication were exploited by threat groups like FIN7 and Cuba.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?