CVE-2024-29849: Critical Authentication Bypass in Veeam Backup Enterprise Manager

Share :

On May 21, 2024, Veeam disclosed a critical vulnerability in Veeam Backup Enterprise Manager, identified as CVE-2024-29849. This vulnerability allows an unauthenticated threat actor to log into the web interface as any user, posing a significant risk with a Common Vulnerability Scoring System (CVSS) score of 9.8. The affected application is an optional add-on application used to manage Veeam Backup & Replication via a web console in Veeam environments. 

There have been no reports of active exploitation in the wild, and Arctic Wolf has not identified a proof of concept (PoC) exploit for this vulnerability. Nonetheless, threat actors could potentially leverage CVE-2024-29849 to perform malicious actions such as gaining unauthorized access to sensitive data, manipulate data, or disrupt operations. While this specific application is not listed in CISA’s Known Exploited Vulnerabilities Catalog, several other Veeam vulnerabilities have been exploited in the past such as CVE-2023-27532, which was used by ransomware threat actors in 2023 to target critical infrastructure. 

Recommendations for CVE-2024-29849

Upgrade To a Fixed Version of Veeam Backup Enterprise Manager

Arctic Wolf strongly recommends upgrading to Veeam Backup Enterprise Manager version, which addresses CVE-2024-29849. Please follow your organization’s patching and testing guidelines to avoid any operational impact. 

Affected Product  Affected Versions  Fixed Version 
Veeam Backup Enterprise Manager  5.0, 6.1, 6.5, 7.0, 8.0, 9.0, 9.5, 10, 11, 12, 12.1 


If upgrading immediately is not feasible, users can mitigate the risk by stopping and disabling the ‘VeeamEnterpriseManagerSvc’ and the ‘VeeamRESTSvc’. Ensure not to stop the ‘Veeam Backup Server RESTful API Service’. 

  • Additionally, Veeam recommends uninstalling Backup enterprise manager if it is not in use within your environment, as it is an optional add-on application. 


Picture of Andres Ramos

Andres Ramos

Andres Ramos is a Threat Intelligence Researcher at Arctic Wolf with a strong background in tracking emerging threats and producing actionable intelligence for both technical and non-technical stakeholders. He has a diverse background encompassing various domains of cyber security, holds a degree in Cybersecurity Engineering, and is a CISSP.
Share :
Table of Contents
Subscribe to our Monthly Newsletter