
Veeam Releases Critical Security Updates to Patch 18 Vulnerabilities, Including 5 Critical Flaws

Veeam, a leading provider of backup and data management solutions, has released security updates addressing 18 vulnerabilities across its product line. Five are rated critical, and three of those allow remote code execution (RCE). Because backup infrastructure is both a high-value target and the last line of recovery after an incident, organizations should update affected Veeam products to the fixed versions as soon as possible.

Overview of Critical Vulnerabilities

The most severe flaws allow attackers to execute code on, or recover service account credentials from, Veeam servers. Three of the five critical issues are remote code execution bugs; the other two disclose the NTLM hash of a privileged service account, which an attacker can relay or crack to obtain the same level of access. Details of the five critical vulnerabilities:

  1. CVE-2024-40711 (CVSS score: 9.8) – A vulnerability in Veeam Backup & Replication that allows unauthenticated attackers to perform remote code execution.
  2. CVE-2024-42024 (CVSS score: 9.1) – A vulnerability in Veeam ONE enabling attackers with access to Agent service account credentials to execute remote code on the underlying machine.
  3. CVE-2024-42019 (CVSS score: 9.0) – A flaw in Veeam ONE that allows attackers to access the NTLM hash of the Veeam Reporter Service service account.
  4. CVE-2024-38650 (CVSS score: 9.9) – A vulnerability in the Veeam Service Provider Console (VSPC) allowing a low-privileged attacker to access the NTLM hash of the service account on the server.
  5. CVE-2024-39714 (CVSS score: 9.9) – A vulnerability in VSPC permitting a low-privileged user to upload arbitrary files, leading to remote code execution on the server.

Additional High-Severity Vulnerabilities

In addition to these critical flaws, Veeam’s September 2024 update also addresses 13 high-severity vulnerabilities. These include privilege escalation, multi-factor authentication (MFA) bypass, and execution of code with elevated privileges. Chained with an initial foothold, such issues let a threat actor move from a low-privileged account to control of the backup server, which is the position ransomware operators need in order to delete or encrypt backups before detonating.

Versions Addressed

The following Veeam software versions have been updated to patch these vulnerabilities:

  • Veeam Backup & Replication: 12.2 (build 12.2.0.334)
  • Veeam Agent for Linux: 6.2 (build 6.2.0.101)
  • Veeam ONE: v12.2 (build 12.2.0.4093)
  • Veeam Service Provider Console (VSPC): v8.1 (build 8.1.0.21377)
  • Veeam Backup for Nutanix AHV Plug-In: v12.6.0.632
  • Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization Plug-In: v12.5.0.299
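As an added example (not Veeam's code and not part of the original bulletin), the following Python check compares an inventory of installed Veeam builds against the fixed builds listed above and reports hosts still below the fix. The inventory rows are constructed sample data; in practice they would come from an asset or configuration management export. It assumes product names in the inventory match the keys in the table, and it compares builds numerically rather than as strings so that, for example, a 12.10 build is not mistaken for being older than 12.2.

```python
"""Flag Veeam installations whose build is below the fixed build from the
September 2024 bulletin. Added illustration, not Veeam's own tooling."""
import csv
import io
from typing import Dict, List, Tuple

# Fixed builds from the bulletin (product name -> minimum patched build).
FIXED_BUILDS: Dict[str, str] = {
    "Veeam Backup & Replication": "12.2.0.334",
    "Veeam Agent for Linux": "6.2.0.101",
    "Veeam ONE": "12.2.0.4093",
    "Veeam Service Provider Console": "8.1.0.21377",
    "Veeam Backup for Nutanix AHV Plug-In": "12.6.0.632",
    "Veeam Backup for Oracle Linux Virtualization Manager and "
    "Red Hat Virtualization Plug-In": "12.5.0.299",
}

# Constructed sample inventory (host names and builds are illustrative only).
INVENTORY_CSV = """host,product,build
bkp-01,Veeam Backup & Replication,12.1.2.172
bkp-02,Veeam Backup & Replication,12.2.0.334
one-01,Veeam ONE,12.1.0.3208
vspc-01,Veeam Service Provider Console,8.1.0.21377
lnx-agent-07,Veeam Agent for Linux,6.1.2.1781
"""


def parse_build(build: str) -> Tuple[int, ...]:
    """Turn '12.1.2.172' into (12, 1, 2, 172) so builds compare numerically.
    A plain string comparison would rank '12.10.0.1' below '12.2.0.334'."""
    parts = build.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed build string: {build!r}")
    return tuple(int(p) for p in parts)


def is_patched(product: str, build: str) -> bool:
    """True if the installed build is at or above the fixed build.

    Unknown products raise instead of returning True so that a typo in the
    inventory is never silently reported as 'patched'. A truncated build such
    as '12.2' compares below '12.2.0.334' and is treated as unpatched, which is
    the conservative choice for a release build you cannot identify exactly."""
    if product not in FIXED_BUILDS:
        raise KeyError(f"no fixed build known for {product!r}")
    return parse_build(build) >= parse_build(FIXED_BUILDS[product])


def find_unpatched(inventory_csv: str) -> List[Dict[str, str]]:
    """Return inventory rows still below the fixed build, with the required
    build attached so a remediation ticket can be raised per host."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    findings: List[Dict[str, str]] = []
    for row in reader:
        if not is_patched(row["product"], row["build"]):
            findings.append({**row, "fixed_build": FIXED_BUILDS[row["product"]]})
    return findings


if __name__ == "__main__":
    for f in find_unpatched(INVENTORY_CSV):
        print(f"{f['host']}: {f['product']} {f['build']} -> needs {f['fixed_build']}")
```

Run against the embedded sample, the script reports bkp-01, one-01 and lnx-agent-07 as needing the update; the two hosts already on the fixed build are not listed. Feed it a real inventory export and treat any `KeyError` as a product name that needs to be mapped to the table before the host can be signed off.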

Immediate Action Required to Mitigate Ransomware Risks

Veeam servers are a favoured target for ransomware operators because whoever controls the backup server can delete or encrypt the backups that would otherwise allow recovery without paying. Users should therefore update affected products to the fixed builds immediately. Unpatched systems remain exposed to remote code execution, credential theft and unauthorized access, any of which can lead to data breaches or ransomware infections.

Organizations using Veeam products should also reduce the impact of any future flaw of this kind: run Veeam services under dedicated, least-privileged accounts rather than domain administrator accounts, since two of the critical bugs hand an attacker the service account's NTLM hash; restrict network access to the backup, Veeam ONE and Service Provider Console management interfaces; enable multi-factor authentication (MFA) for console logins; and regularly review security logs for unexpected logons or file uploads to these servers.

Conclusion

With five critical vulnerabilities and numerous high-severity flaws addressed, this Veeam security update is essential for maintaining the security of backup and data management infrastructure. Given the significant risks posed by these vulnerabilities, including the potential for ransomware attacks, organizations should prioritize updating to the latest Veeam versions as soon as possible.

For more information, visit the official Veeam support page and download the latest security updates.
