The Information Highway

The Information Highway
Font size: +
  Print
2 minutes reading time (369 words)

Critical VBEM vulnerability

43 Hits

Threat update

 A Veeam Backup Enterprise Manager (VBEM) security vulnerability, CVE-2024-29849, can pose serious risks for organizations. Users are advised to update their VBEM to the latest version immediately.

Technical Detail and Additional Info

What is the threat?

CVE-2024-29849 is an authentication bypass where unauthorized users can gain access with administrative rights without providing the correct login information. Attackers can take advantage of this vulnerability by creating a fake login token and sending it to VBEM's REST API service, which is supposed to verify the correct login information. However, the service currently fails to do its job, and are allowing the unauthorized user to have administrator privileges, creating severe security risks for companies. 

Why is it noteworthy?

This vulnerability is noteworthy because it allows unauthorized users to access a company's backup data, which is typically very sensitive and vital. In the wrong hands, this data can be used maliciously. 

What is the exposure or risk?

CVE-2024-29849 carries a high risk for leading companies to suffer from data theft and loss. This vulnerability can compromise different companies' backup data, making it hard for a company to recover from other technical problems. One of the most concerning risks is that these unauthorized users can dig deeper and access even more information/data within a company's network after gaining these administrative privileges. 

What are the recommendations?

 LBT Technology Group recommends the following actions to limit the impact of CVE-2024-29849:

  • Update VBEM to the latest version, 12.1.2.172 or higher.
  • Set up firewall policies that will block unauthorized access to VBEM networks ports, most importantly port 9398 for the REST API.
  • Restrict network access, allowing only trusted IP addresses access to VBEM.
  • Enable multi-factor authentication for extra security, as another way of authentication.
  • Use a Web Application Firewall to prevent malicious attempts to access VBEM.
  • Check access logs frequently and set up alerts for any type of suspicious activity, login attempts, and untrusted IP addresses.
  • Isolate the VBEM server from other important networks to prevent attacks and access to other areas.
  • Keep all types of software, in addition to VBEM, updated regularly to prevent these types of situations.

References

 If you have any questions, please contact LBT's Sales Engineer.

0
How do you feel about this post?
Happy (0)
Love (0)
Surprised (0)
Sad (0)
Angry (0)
Tags:
move block ​ Enterprise Manager VBEM security vulnerability
New typosquatting attack targeting Google users
New York Times source code stolen using exposed Gi...

About the author

LBT Technology Group, LLC.

LBT Technology Group, LLC.

As we navigate our ever-evolving cyber society, LBT Technology Group believes providing comprehensive IT services to others is essential. As a Managed IT Services Provider (MSP), we are positioned to eliminate your pain points by optimizing your technology, mitigating your cyber security risk footprint, and improving your cyber resilence. The focus we place on reducing the presistent cyber security risks to the confidentiality, integrity, and availability of your information systems and our proficiency in restoring IT services in the event of a cyber attack or technology outage separates us from our competitors--WE SIMPLIFY YOUR IT EQUATION.
Author's recent posts
More posts from author

Related Posts

 

Comments

No comments made yet. Be the first to submit a comment
Tuesday, 18 June 2024

Captcha Image