By LBT Technology Group, LLC. on Wednesday, 11 September 2024
Category: Security

Veeam Backup security flaws

Threat update

Six vulnerabilities were recently discovered in Veeam Backup and Replication. One is an unauthenticated remote code execution (RCE) flaw; the other five are authenticated RCE, arbitrary file deletion, modification of multi-factor authentication (MFA) settings and MFA bypass by a low-privileged user, credential sniffing, and privilege escalation. Review the details in this Cybersecurity Threat Advisory to limit the impact on customers.

Technical Detail and Additional Info

What is the threat?

Backup servers are prime targets for ransomware actors: they often hold sensitive data, and backups are key to remediation after a ransomware attack. Threat actors can use any of the listed vulnerabilities to destroy backups, further compromise the network, and move laterally more easily.

The CVEs issued include:

Why is it noteworthy?

An unauthenticated RCE vulnerability in a backup solution is extremely risky: backup servers hold highly sensitive data, and the availability of that data is critical to recovering from attacks such as ransomware. These vulnerabilities are therefore very valuable to ransomware actors, particularly those planning to exfiltrate data or destroy backups.

What is the exposure or risk?

Focusing on the highest-severity vulnerability, the unauthenticated RCE, the exposure depends on how accessible the Veeam Backup and Replication server is. This vulnerability has a severe impact on the confidentiality, integrity, and availability of both the backups and the backup server, which could be devastating during a ransomware or data-theft attack.

What are the recommendations?

LBT Technology Group recommends the following actions to limit the impact of these vulnerabilities:

References

For more in-depth information about the recommendations, please visit the following links:

If you have any questions, please contact LBT's Sales Engineer.
