Severity Level: High
Title:
Vulnerability in Veeam Products
Summary:
Multiple high-severity vulnerabilities have been discovered in Veeam Backup & Replication and Veeam Agent for Microsoft Windows.
These vulnerabilities (CVE-2024-40717, CVE-2024-42451, CVE-2024-42452, CVE-2024-42453, CVE-2024-42455, CVE-2024-42456, CVE-2024-42457, CVE-2024-45204, CVE-2024-45207) allow authenticated users with assigned roles to perform various malicious actions, including executing scripts with elevated privileges, accessing saved credentials, uploading files to connected hosts, modifying configurations, and exploiting insecure deserialization. The vulnerabilities have CVSS v3.1 scores ranging from 7.0 to 8.8, indicating high severity.
Affected Versions:
• Veeam Backup & Replication 12.2.0.334 and all earlier version 12 builds.
• Veeam Agent for Microsoft Windows 6.2 and all earlier version 6 builds (CVE-2024-45207).
Fixed Versions:
• Veeam Backup & Replication 12.3 (build 12.3.0.310)
• Veeam Agent for Microsoft Windows 6.3 (build 6.3.0.177) — Included with Veeam Backup & Replication 12.3
Recommendations:
Upgrade Veeam Backup & Replication to the latest fixed version to patch the identified vulnerabilities.