Home > Security Bulletins > Veeam Backup & Replication Remote Code Execution – CVE-2024-40711

Veeam Backup & Replication Remote Code Execution – CVE-2024-40711

Monday 9th September 2024

Introduction

Veeam has released a security bulletin for multiple vulnerabilities in its products, including a Critical severity Remote Code Execution bug. All vulnerabilities listed below have been patched with the latest product updates.

The most pressing vulnerabilities are as follow:

Veeam Backup & Replication

CVE-2024-40711 – A vulnerability allowing unauthenticated remote code execution (RCE). (CVSS v3.1: 9.8 [Critical])

CVE-2024-40713 – A vulnerability that allows a user who has been assigned a low-privileged role within Veeam Backup & Replication to alter Multi-Factor Authentication (MFA) settings and bypass MFA. (CVSS v3.1: 8.8 [High])

CVE-2024-40710 – A series of related high-severity vulnerabilities, the most notable enabling remote code execution (RCE) as the service account and extraction of sensitive information (saved credentials and passwords). Exploiting these vulnerabilities requires a user who has been assigned a low-privileged role within Veeam Backup & Replication. (CVSS v3.1: 8.8 [High])

Veeam Agent for Linux

CVE-2024-40709A vulnerability that allows a local low-privileged user on the machine to escalate their privileges to root level. (CVSS v3.1: 7.8 [High])

Veeam ONE

CVE-2024-42024 – A vulnerability that allows an attacker in possession of the Veeam ONE Agent service account credentials to perform remote code execution on the machine where the Veeam ONE Agent is installed. (CVSS v3.1: 9.1 [Critical])

CVE-2024-42019 – A vulnerability that allows an attacker to access the NTLM hash of the Veeam Reporter Service service account. This attack requires user interaction and data collected from Veeam Backup & Replication. (CVSS v3.1: 9.0 [Critical])

CVE-2024-42023 – A vulnerability that allows low-privileged users to execute code with Administrator privileges remotely. (CVSS v3.1: 8.8 [High])

Veeam Service Provider Console

CVE-2024-38650 – A vulnerability that allows a low privileged attacker to access the NTLM hash of service account on the VSPC server. (CVSS v3.1: 9.9 [Critical])

CVE-2024-39714 –  A vulnerability that permits a low-privileged user to upload arbitrary files to the server, leading to remote code execution on VSPC server. (CVSS v3.1: 9.9 [Critical])

CVE-2024-39715 – A vulnerability that allows a low-privileged user with REST API access granted to remotely upload arbitrary files to the VSPC server using REST API, leading to remote code execution on VSPC server. (CVSS v3.1: 8.5 [High])

Veeam Backup for Nutanix AHV / Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization

CVE-2024-40718 – A vulnerability that allows a low-privileged user to perform local privilege escalation through exploiting an SSRF vulnerability. (CVSS v3.1: 8.8 [High])

Affected Products

Veeam Backup & Replication <= 12.1.2.172
Veeam ONE <= 6.1.2.1781
Veeam Service Provider Console <= 8.0.0.19552
Veeam Agent for Linux <= 6.1.2.1781
Veeam Backup for Nutanix AHV <= 12.5.1.8
Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization <= 12.4.1.45

Fixed Versions

Latest versions with security updates for all of these vulnerabilities are available at https://www.veeam.com/products/downloads/latest-version.html