Veeam Products Multiple Vulnerabilities

Multiple vulnerabilities were identified in Veeam products. A remote attacker could exploit this vulnerability to trigger elevation of privilege,  remote code execution, data manipulation, security restriction bypass and sensitive information disclosure on the targeted system.

Note:

CVE-2024-40711 is being exploited in the wild. The vulnerability is caused by a deserialization of untrusted data weakness that unauthenticated threat actors can exploit to trigger remote code execution. 

Impact

• Information Disclosure
• Security Restriction Bypass
• Elevation of Privilege
• Data Manipulation
• Remote Code Execution

System / Technologies affected

• Veeam Backup & Replication 12.1.2.172 and all earlier than version 12 builds
• Veeam Agent for Linux 6.1.2.1781 and all earlier version 6 builds
• Veeam ONE 12.1.0.3208 and all earlier version 12 builds
• Veeam Service Provider Console 8.0.0.19552 and all earlier version 8 and version 7 builds
• Veeam Backup for Nutanix AHV Plug-In 12.5.1.8 and all earlier verion 12 builds
• Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization Plug-In 12.4.1.45 and all earlier version 12 builds

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

• https://www.veeam.com/kb4649

Vulnerability Identifier

• CVE-2024-38650
• CVE-2024-38651
• CVE-2024-39714
• CVE-2024-39715
• CVE-2024-39718
• CVE-2024-40709
• CVE-2024-40710
• CVE-2024-40711
• CVE-2024-40712
• CVE-2024-40713
• CVE-2024-40714
• CVE-2024-40718
• CVE-2024-42019
• CVE-2024-42020
• CVE-2024-42021
• CVE-2024-42022
• CVE-2024-42023
• CVE-2024-42024

Source

• Veeam

Related Link

• https://www.veeam.com/kb4649
• https://news.sophos.com/en-us/2024/11/08/veeam-exploit-seen-used-again-with-a-new-ransomware-frag/