The Information Highway

The Information Highway

Font size: +
2 minutes reading time (369 words)

Critical VBEM vulnerability

Threat update

 A Veeam Backup Enterprise Manager (VBEM) security vulnerability, CVE-2024-29849, can pose serious risks for organizations. Users are advised to update their VBEM to the latest version immediately.

Technical Detail and Additional Info

What is the threat?

CVE-2024-29849 is an authentication bypass where unauthorized users can gain access with administrative rights without providing the correct login information. Attackers can take advantage of this vulnerability by creating a fake login token and sending it to VBEM's REST API service, which is supposed to verify the correct login information. However, the service currently fails to do its job, and are allowing the unauthorized user to have administrator privileges, creating severe security risks for companies. 

Why is it noteworthy?

This vulnerability is noteworthy because it allows unauthorized users to access a company's backup data, which is typically very sensitive and vital. In the wrong hands, this data can be used maliciously. 

What is the exposure or risk?

CVE-2024-29849 carries a high risk for leading companies to suffer from data theft and loss. This vulnerability can compromise different companies' backup data, making it hard for a company to recover from other technical problems. One of the most concerning risks is that these unauthorized users can dig deeper and access even more information/data within a company's network after gaining these administrative privileges. 

What are the recommendations?

 LBT Technology Group recommends the following actions to limit the impact of CVE-2024-29849:

  • Update VBEM to the latest version, 12.1.2.172 or higher.
  • Set up firewall policies that will block unauthorized access to VBEM networks ports, most importantly port 9398 for the REST API.
  • Restrict network access, allowing only trusted IP addresses access to VBEM.
  • Enable multi-factor authentication for extra security, as another way of authentication.
  • Use a Web Application Firewall to prevent malicious attempts to access VBEM.
  • Check access logs frequently and set up alerts for any type of suspicious activity, login attempts, and untrusted IP addresses.
  • Isolate the VBEM server from other important networks to prevent attacks and access to other areas.
  • Keep all types of software, in addition to VBEM, updated regularly to prevent these types of situations.

References

 If you have any questions, please contact LBT's Sales Engineer.

New typosquatting attack targeting Google users
New York Times source code stolen using exposed Gi...

Related Posts

 

Comments

No comments made yet. Be the first to submit a comment
Saturday, 23 November 2024

Captcha Image

Top Breaches Of 2023

Customers Affected In T-Mobile Breach
Accounts Affected In MOVEit Breach
Customers Affected In MCNA Insurance Data Breach
Individuals Affected In PharMerica Data Breach
Users Affected In ChatGPT Major Data Breach
*Founder Shield End of Year 2023