The Information Highway

The Information Highway
Font size: +
  Print
2 minutes reading time (332 words)

Veeam Backup security flaws

54 Hits

Threat update

There were recently six vulnerabilities discovered in Veeam Backup and Replication. One of them is an unauthenticated remote code execution (RCE), while the other five include authenticated RCE, arbitrary file deletion, low-privileged multi-factor authentication (MFA) setting modification and MFA bypass, credential sniffing, and privilege escalation. Review the details in this Cybersecurity Threat Advisory to limit customers' impact.

Technical Detail and Additional Info

What is the threat?

Backup servers are often prime targets of ransomware actors. Sensitive data often lives on it, and backups are key in remediation following a ransomware attack. All the vulnerabilities listed can be used by threat actors to destroy backups and allow them to further compromise the network and allow for easier lateral movement.

The CVEs issued include:

  • CVE-2024-39718
  • CVE-2024-40710
  • CVE-2024-40711
  • CVE-2024-40712
  • CVE-2024-40713
  • CVE-2024-40714

Why is it noteworthy?

Unauthenticated RCE vulnerabilities on a backup solution are extremely risky; backup servers often contain extremely sensitive data, and the availability of the data is critical in recovering from cyberattacks like ransomware. These vulnerabilities are very valuable to ransomware actors, and these types of vulnerabilities are perfect for a ransomware actor who is planning on exfiltrating data or destroying backups. 

What is the exposure or risk?

Focusing on the highest severity vulnerability, unauthenticated RCE, the exposure is based on how accessible the Veeam backup and response server is. Further, this vulnerability has a severe impact on the confidentiality, integrity, and availability of the backups and the backup server. This could have a huge impact during attacks such as ransomware and data theft. 

What are the recommendations?

 LBT Technology Group recommends the following actions to limit the impact of these vulnerabilities:

  • Update Veeam Backup and Replication to the latest version.
  • Create offline backups to ensure critical data remains protected, even in case of vulnerabilities before patches are applied.

References

 For more in-depth information about the recommendations, please visit the following links:


If you have any questions, please contact LBT's Sales Engineer.

0
How do you feel about this post?
Happy (0)
Love (0)
Surprised (0)
Sad (0)
Angry (0)
Tags:
RCE ) code execution vulnerabilities block ​ move
WordPress.org to require 2FA for plugin developers...
Ivanti fixes maximum severity RCE bug in Endpoint ...

About the author

LBT Technology Group, LLC.

LBT Technology Group, LLC.

As we navigate our ever-evolving cyber society, LBT Technology Group believes providing comprehensive IT services to others is essential. As a Managed IT Services Provider (MSP), we are positioned to eliminate your pain points by optimizing your technology, mitigating your cyber security risk footprint, and improving your cyber resilence. The focus we place on reducing the presistent cyber security risks to the confidentiality, integrity, and availability of your information systems and our proficiency in restoring IT services in the event of a cyber attack or technology outage separates us from our competitors--WE SIMPLIFY YOUR IT EQUATION.
Author's recent posts
More posts from author

Related Posts

 

Comments

No comments made yet. Be the first to submit a comment
Thursday, 19 September 2024

Captcha Image