Exploit for critical Veeam auth bypass available, patch now

From bleepingcomputer.com

A proof-of-concept (PoC) exploit for a Veeam Backup Enterprise Manager authentication bypass flaw tracked as CVE-2024-29849 is now publicly available, making it urgent that admins apply the latest security updates.

Veeam Backup Enterprise Manager (VBEM) is a web-based platform for managing Veeam Backup & Replication installations via a web console. It helps control backup jobs and perform restoration operations across an organization’s backup infrastructure and large-scale deployments.

Veeam issued a security bulletin about the critical flaw on May 21, warning about a critical vulnerability enabling remote unauthenticated attackers to log in to VBEM’s web interface as any user.

The vendor urged its customers to address the problem by upgrading to VBEM version, while also sharing mitigation tips for those unable to apply the update immediately.

Read more…