#1 Global Leader in Data Resilience

Veeam Security Bulletin (September 2024)

KB ID: 4649
Product: Veeam Backup & Replication | 11 | 12 | 12.1
Veeam ONE | 11 | 12 | 12.1
Veeam Service Provider Console | 6.0 | 7.0 | 8.0
Veeam Agent for Linux | 5.0 | 6.0 | 6.1
Veeam Backup for Nutanix AHV | 4.0 | 5.0 | 5.1
Veeam Backup for Red Hat Virtualization | 4.0
Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization | 4.1
Published: 2024-09-04
Last Modified: 2024-12-03
mailbox
Get weekly article updates
By subscribing, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Notice.

Cheers for trusting us with the spot in your mailbox!

Now you’re less likely to miss what’s been brewing in our knowledge base with this weekly digest

error icon

Oops! Something went wrong.

Please, try again later.

All vulnerabilities documented in this article are resolved in the latest version of each product.

Veeam Product Latest Version Download Page

Veeam Software Security Commitment
Veeam® is committed to ensuring its products protect customers from potential risks. As part of that commitment, we operate a Vulnerability Disclosure Program (VDP) for all Veeam products and perform extensive internal code audits. When a vulnerability is identified, our team promptly develops a patch to address and mitigate the risk. In line with our dedication to transparency, we publicly disclose the vulnerability and provide detailed mitigation information. This approach ensures that all potentially affected customers can quickly implement the necessary measures to safeguard their systems. It’s important to note that once a vulnerability and its associated patch are disclosed, attackers will likely attempt to reverse-engineer the patch to exploit unpatched deployments of Veeam software. This reality underscores the critical importance of ensuring that all customers use the latest versions of our software and install all updates and patches without delay.

Veeam Backup & Replication

Issue Details

All vulnerabilities disclosed in this section were discovered during internal testing (unless otherwise indicated) and affect Veeam Backup & Replication 12.1.2.172 and all earlier version 12 builds.
Unsupported product versions are not tested, but are likely affected and should be considered vulnerable.

CVE-2024-40711

A vulnerability allowing unauthenticated remote code execution (RCE).

This vulnerability was reported by Florian Hauser with CODE WHITE Gmbh.

Severity: Critical
CVSS v3.1 Score: 9.8CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CVE-2024-40713

A vulnerability that allows a user who has been assigned a low-privileged role within Veeam Backup & Replication to alter Multi-Factor Authentication (MFA) settings and bypass MFA.

Severity: High
CVSS v3.1 Score: 8.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2024-40710

A series of related high-severity vulnerabilities, the most notable enabling remote code execution (RCE) as the service account and extraction of sensitive information (saved credentials and passwords). Exploiting these vulnerabilities requires a user who has been assigned a low-privileged role within Veeam Backup & Replication.

Severity: High
CVSS v3.1 Score: 8.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2024-39718

 A vulnerability that allows a low-privileged user to remotely remove files on the system with permissions equivalent to those of the service account.

Severity: High
CVSS v3.1 Score: 8.1CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

CVE-2024-40714

A vulnerability in TLS certificate validation allows an attacker on the same network to intercept sensitive credentials during restore operations.

Severity: High
CVSS v3.1 Score: 8.3CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

CVE-2024-40712

A path traversal vulnerability allows an attacker with a low-privileged account and local access to the system to perform local privilege escalation (LPE).

Severity: High
CVSS v3.1 Score: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Solution

The vulnerabilities documented in this section were fixed starting in the following build:

Veeam Agent for Linux

Issue Details

The vulnerability disclosed in this section affects Veeam Agent for Linux 6.1.2.1781 and all earlier version 6 builds.
Unsupported product versions are not tested, but are likely affected and should be considered vulnerable.

CVE-2024-40709

A vulnerability that allows a local low-privileged user on the machine to escalate their privileges to root level.

This vulnerability was reported via HackerOne.

Severity: High
CVSS v3.1 Score: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Solution

The vulnerabilities documented in this section were fixed starting in the following build:

Veeam ONE

Issue Details

All vulnerabilities disclosed in this section were discovered during internal testing (unless otherwise indicated) and affect Veeam ONE 12.1.0.3208 and all earlier version 12 builds.
Unsupported product versions are not tested, but are likely affected and should be considered vulnerable.

CVE-2024-42024

A vulnerability that allows an attacker in possession of the Veeam ONE Agent service account credentials to perform remote code execution on the machine where the Veeam ONE Agent is installed.

This vulnerability was reported by Yashar Shahinzadeh (Voorivex Team) via HackerOne.

Severity: Critical
CVSS v3.1 Score: 9.1CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE-2024-42019

A vulnerability that allows an attacker to access the NTLM hash of the Veeam Reporter Service service account. This attack requires user interaction and data collected from Veeam Backup & Replication.

Severity: Critical
CVSS v3.1 Score: 9.0CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CVE-2024-42023

A vulnerability that allows low-privileged users to execute code with Administrator privileges remotely.

Severity: High
CVSS v3.1 Score: 8.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2024-42021

A vulnerability that allows an attacker with valid access tokens to access saved credentials.

Severity: High
CVSS v3.1 Score: 7.5CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE-2024-42022

A vulnerability that allows an attacker to modify product configuration files.

Severity: High
CVSS v3.1 Score: 7.5CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE-2024-42020

 A vulnerability in Reporter Widgets that allows HTML injection.

Severity: High
CVSS v3.1 Score: 7.3CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H

Solution

The vulnerabilities documented in this section were fixed starting in the following build:

Veeam Service Provider Console

Issue Details

All vulnerabilities disclosed in this section were discovered during internal testing (unless otherwise indicated) and affect Veeam Service Provider Console 8.0.0.19552 and all earlier version 8 and version 7 builds.
Unsupported product versions are not tested, but are likely affected and should be considered vulnerable.

CVE-2024-38650

A vulnerability that allows a low privileged attacker to access the NTLM hash of service account on the VSPC server.

This vulnerability was reported via HackerOne.

Severity: Critical
CVSS v3.1 Score: 9.9CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CVE-2024-39714

 A vulnerability that permits a low-privileged user to upload arbitrary files to the server, leading to remote code execution on VSPC server.

This vulnerability was reported via HackerOne.

Severity: Critical
CVSS v3.1 Score: 9.9CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CVE-2024-39715

A vulnerability that allows a low-privileged user with REST API access granted to remotely upload arbitrary files to the VSPC server using REST API, leading to remote code execution on VSPC server.

This vulnerability was reported via HackerOne.

Severity: High
CVSS v3.1 Score: 8.5CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CVE-2024-38651

 A vulnerability that permits a low-privileged user to overwrite files on that VSPC server, which can lead to remote code execution on VSPC server.

This vulnerability was reported via HackerOne.

Severity: High
CVSS v3.1 Score: 8.5CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CVE-2024-45206

 A vulnerability that allows an attacker to perform arbitrary HTTP requests to arbitrary hosts of the network and get information about internal resources.

This vulnerability was reported via HackerOne.

Severity: Medium
CVSS v3.1 Score: 6.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Solution

The vulnerabilities documented in this section were fixed starting in the following build:

Veeam Backup for Nutanix AHV
Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization

Issue Details

The vulnerability disclosed in this section was discovered during internal testing and affects:

Unsupported plug-in versions are not tested, but are likely affected and should be considered vulnerable.

CVE-2024-40718

A vulnerability that allows a low-privileged user to perform local privilege escalation through exploiting an SSRF vulnerability.

Severity: High
CVSS v3.1 Score: 8.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Solution

The vulnerabilities documented in this section were fixed starting in the following build:

All vulnerabilities documented in this article are resolved in the latest version of each product.

Veeam Product Latest Version Download Page

To submit feedback regarding this article, please click this link: Send Article Feedback
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.

Spelling error in text

This site is protected by hCaptcha and its Privacy Policy and Terms of Service apply except as noted in our Privacy Policy.
Thank you!

Thank you!

Your feedback has been received and will be reviewed.

Oops! Something went wrong.

Please, try again later.

You have selected too large block!

Please try select less.

KB Feedback/Suggestion

This form is only for KB Feedback/Suggestions, if you need help with the software open a support case

By submitting, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Notice.
This site is protected by hCaptcha and its Privacy Policy and Terms of Service apply except as noted in our Privacy Policy.
Verify your email to continue your product download
We've sent a verification code to:
  • Incorrect verification code. Please try again.
An email with a verification code was just sent to
Didn't receive the code? Click to resend in sec
Didn't receive the code? Click to resend
Thank you!

Thank you!

Your feedback has been received and will be reviewed.

error icon

Oops! Something went wrong.

Please, try again later.