The Information Highway

The Information Highway

Font size: +
2 minutes reading time (332 words)

Veeam Backup security flaws

Threat update

There were recently six vulnerabilities discovered in Veeam Backup and Replication. One of them is an unauthenticated remote code execution (RCE), while the other five include authenticated RCE, arbitrary file deletion, low-privileged multi-factor authentication (MFA) setting modification and MFA bypass, credential sniffing, and privilege escalation. Review the details in this Cybersecurity Threat Advisory to limit customers' impact.

Technical Detail and Additional Info

What is the threat?

Backup servers are often prime targets of ransomware actors. Sensitive data often lives on it, and backups are key in remediation following a ransomware attack. All the vulnerabilities listed can be used by threat actors to destroy backups and allow them to further compromise the network and allow for easier lateral movement.

The CVEs issued include:

  • CVE-2024-39718
  • CVE-2024-40710
  • CVE-2024-40711
  • CVE-2024-40712
  • CVE-2024-40713
  • CVE-2024-40714

Why is it noteworthy?

Unauthenticated RCE vulnerabilities on a backup solution are extremely risky; backup servers often contain extremely sensitive data, and the availability of the data is critical in recovering from cyberattacks like ransomware. These vulnerabilities are very valuable to ransomware actors, and these types of vulnerabilities are perfect for a ransomware actor who is planning on exfiltrating data or destroying backups. 

What is the exposure or risk?

Focusing on the highest severity vulnerability, unauthenticated RCE, the exposure is based on how accessible the Veeam backup and response server is. Further, this vulnerability has a severe impact on the confidentiality, integrity, and availability of the backups and the backup server. This could have a huge impact during attacks such as ransomware and data theft. 

What are the recommendations?

 LBT Technology Group recommends the following actions to limit the impact of these vulnerabilities:

  • Update Veeam Backup and Replication to the latest version.
  • Create offline backups to ensure critical data remains protected, even in case of vulnerabilities before patches are applied.

References

WordPress.org to require 2FA for plugin developers...
Ivanti fixes maximum severity RCE bug in Endpoint ...

Related Posts

 

Comments

No comments made yet. Be the first to submit a comment
Monday, 23 December 2024

Captcha Image

Top Breaches Of 2023

Customers Affected In T-Mobile Breach
Accounts Affected In MOVEit Breach
Customers Affected In MCNA Insurance Data Breach
Individuals Affected In PharMerica Data Breach
Users Affected In ChatGPT Major Data Breach
*Founder Shield End of Year 2023