CVE-2024-29849: Critical Authentication Bypass in Veeam Backup Enterprise Manager


On May 21, 2024, Veeam disclosed a critical vulnerability in Veeam Backup Enterprise Manager, identified as CVE-2024-29849. The vulnerability allows an unauthenticated threat actor to log into the web interface as any user, and it carries a Common Vulnerability Scoring System (CVSS) score of 9.8. Veeam Backup Enterprise Manager is an optional add-on used to manage Veeam Backup & Replication through a web console in Veeam environments.

There have been no reports of active exploitation in the wild, and Arctic Wolf has not identified a proof of concept (PoC) exploit for this vulnerability. Nonetheless, threat actors could leverage CVE-2024-29849 to gain unauthorized access to sensitive data, manipulate data, or disrupt operations. While this specific application is not listed in CISA’s Known Exploited Vulnerabilities Catalog, several other Veeam vulnerabilities have been exploited in the past, such as CVE-2023-27532, which ransomware threat actors used in 2023 to target critical infrastructure.

Recommendations for CVE-2024-29849

Upgrade To a Fixed Version of Veeam Backup Enterprise Manager

Arctic Wolf strongly recommends upgrading to Veeam Backup Enterprise Manager version 12.1.2.172, which addresses CVE-2024-29849. Please follow your organization’s patching and testing guidelines to avoid any operational impact. 

Affected Product: Veeam Backup Enterprise Manager
Affected Versions: 5.0, 6.1, 6.5, 7.0, 8.0, 9.0, 9.5, 10, 11, 12, 12.1
Fixed Version: 12.1.2.172

Workaround(s) 

If upgrading immediately is not feasible, users can mitigate the risk by stopping and disabling the ‘VeeamEnterpriseManagerSvc’ and ‘VeeamRESTSvc’ services. Do not stop the ‘Veeam Backup Server RESTful API Service’.

  • Additionally, Veeam recommends uninstalling Backup Enterprise Manager if it is not in use within your environment, as it is an optional add-on application.
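The following PowerShell script is an added example, not part of the Arctic Wolf advisory or a Veeam-supplied tool. It checks whether the installed Enterprise Manager build is already at or above 12.1.2.172 and, if not, applies the interim workaround above: it stops and disables the two services named in the advisory, then confirms the backup server’s own RESTful API service was left running. The registry location used to read the installed version and the use of the display name for the RESTful API service (its short service name is not given in the advisory) are assumptions; run it in an elevated session on the Enterprise Manager host.

```powershell
# Added example (not from the advisory): verify patch level for CVE-2024-29849
# and, if unpatched, apply the interim workaround of stopping/disabling the two
# Enterprise Manager services without touching the backup server's REST API.

$fixedVersion = [version]'12.1.2.172'                       # fixed build per the advisory
$toDisable    = @('VeeamEnterpriseManagerSvc', 'VeeamRESTSvc') # services named in the workaround
$keepRunning  = 'Veeam Backup Server RESTful API Service'   # display name; must NOT be stopped

function Test-EnterpriseManagerPatched {
    # Reads the installed build from the Windows Uninstall registry keys.
    # Assumed location; adjust if your inventory tooling records it elsewhere.
    $paths = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    $app = Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue |
           Where-Object { $_.DisplayName -like 'Veeam Backup Enterprise Manager*' } |
           Select-Object -First 1
    if (-not $app) { return $null }                          # not installed: nothing to do
    return ([version]$app.DisplayVersion -ge $fixedVersion)
}

function Invoke-Workaround {
    foreach ($name in $toDisable) {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if (-not $svc) { Write-Warning "Service $name not found"; continue }
        Stop-Service -Name $name -Force
        Set-Service  -Name $name -StartupType Disabled       # keep it down across reboots
        Write-Host "$name stopped and disabled"
    }
    # Guard: the backup server's REST API must remain untouched by the workaround.
    $rest = Get-Service -DisplayName $keepRunning -ErrorAction SilentlyContinue
    if ($rest -and $rest.Status -ne 'Running') {
        Write-Warning "'$keepRunning' is $($rest.Status); it should not have been stopped"
    }
}

$patched = Test-EnterpriseManagerPatched
if ($null -eq $patched) {
    Write-Host 'Veeam Backup Enterprise Manager is not installed; no workaround needed'
} elseif ($patched) {
    Write-Host 'Enterprise Manager is at or above 12.1.2.172; workaround not needed'
} else {
    Invoke-Workaround
}
```

Re-run the script after upgrading to confirm the version check passes; the disabled services can then be re-enabled with Set-Service if Enterprise Manager is still required.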



Andres Ramos

Andres Ramos is a Threat Intelligence Researcher at Arctic Wolf with a strong background in tracking emerging threats and producing actionable intelligence for both technical and non-technical stakeholders. He has a diverse background encompassing various domains of cyber security, holds a degree in Cybersecurity Engineering, and is a CISSP.