TechRadar

Veeam patches multiple critical remote code execution flaws

By Sead Fadilpašić,

2024-09-06

Data backup and cloud data management company Veeam said it released multiple patches which fix more than a dozen flaws impacting different products. In a security advisory published earlier this week, Veeam said that it fixed a total of 18 bugs, five of which were deemed critical in severity.

The first one is an unauthenticated remote code execution vulnerability found in Veeam Backup & Replication. It is tracked as CVE-2024-40711 and carries a severity score of 9.8. The second and third flaw are found in Veeam ONE. CVE-2024-42024, with a severity score of 9.1, allows threat actors owning Agent service account credentials to run remote code execution.

CVE-2024-42019, on the other hand, has a slightly lower severity score (9.0), and allows threat actors to access the NTLM hash of the Veeam Reporter Service account.

Secure versions

Then there is a 9.9 severity bug in Veeam Service Provider Console, which grants low privileged attackers access to the NTLM hash of the service account on the server. This one is tracked as CVE-2024-38650. Finally, CVE-2024-39714, also a 9.9 flaw, is found in the same software, and grants low-privileged users the ability to upload arbitrary files.

Other 13 flaws are mostly high-severity, granting multi-factor authentication (MFA) bypass, privilege escalation, remote code execution (RCE), and more.

To ensure the security of their infrastructure, users are advised to update their software to the following versions:

Veeam Backup & Replication 12.2 (build 12.2.0.334)
Veeam Agent for Linux 6.2 (build 6.2.0.101)
Veeam ONE v12.2 (build 12.2.0.4093)
Veeam Service Provider Console v8.1 (build 8.1.0.21377)
Veeam Backup for Nutanix AHV Plug-In v12.6.0.632
Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization Plug-In v12.5.0.299

Via The Hacker News

More from TechRadar Pro

Veeam reveals critical security bug in Backup Enterprise Manager tool
Here's a list of the best firewalls around today
These are the best endpoint security tools right now

Expand All

Read in NewsBreak

Comments /

Add a Comment

YOU MAY ALSO LIKE

Local News

Getting up to speed with AI is fuelling major cloud investment

TechRadar1 day ago

Lessons from the CrowdStrike outage: A wake-up call for software testing

TechRadar22 hours ago

Microsoft warns top file hosting services hijacked for email scams

TechRadar2 days ago

DC sniper Lee Boyd Malvo transferred from maximum security prison to a lower-level Virginia facility

Margaret Minnicks29 days ago

Mozilla warns of critical Firefox security flaw, so patch immediately

TechRadar1 day ago

Earth Will Have a "Second Moon" for 57 Days: What does this mean?

M Henderson7 days ago

Week's Buzz: Diddy's Mom, Cardi B Divorce & Freebies

Bryce Gruber3 days ago

The Meta Quest 3 just got much better for fitness, with new 3D yoga, Pilates, and meditation classes

TechRadar1 day ago

The new way biologists count Yellowstone-region grizzly bears, explained

WyoFile2 days ago

Live roach was found “in the process of dying on a plate over the make line" Florida diner shut down

Akeena6 days ago

New law allows tenants to report on-time rent payments to help credit score

The HD Post17 days ago

Vision screenings for driver’s license renewals will be required in ’25 to enhance driver safety

Northern Kentucky Tribune22 days ago

Order your free at-home COVID-19 tests now from federal government — here’s how

Northern Kentucky Tribune5 days ago

Ring security cams get powerful AI upgrade that can tell you who finished off the ice cream

TechRadar1 day ago

The Black Hills are thick with lions. But those that leave are unlikely to repopulate the East, study finds.

WyoFile11 days ago

How to watch 'Sweetpea' online and from anywhere – stream the comedy-crime drama

TechRadar2 days ago

You'll soon have even more free movies and shows to stream as DirecTV announces a new service

TechRadar20 hours ago

Order Free COVID-19 Tests at the End of September

Alameda Post16 days ago

NYT Strands today — hints, answers and spangram for Saturday, October 12 (game #223)

TechRadar13 hours ago

NIS2 & DORA: Staying ahead of the curve

TechRadar1 day ago

Report says 7 California cities make the top 10 for most expensive to cool home in America

The HD Post22 days ago

Cruise Ship Crew Member Given 30 Year Sentence for Secretly Recording Minors in Cabins

J. Souza24 days ago

The OnePlus 13 is confirmed to be on the way, with one major upgrade

TechRadar1 day ago

Pup Whose Owner Abandoned Her At Vet After Learning Price Of Treatment Is Searching For Family

Camilo Díaz17 days ago

50 houses remain empty; Brunswick Housing Authority says it’s due to its own mishaps

The Current GA2 hours ago

Former Staff Reveal Meghan Markle’s Extreme Anger Behind Closed Doors

André Emilio15 days ago

How to dispose of an inflated phone battery

TechRadar1 day ago

California drivers may be eligible for a payment from $50 Million gas settlement

The HD Post8 days ago

7 new movies and TV shows to stream on Netflix, Prime Video, Max, and more this weekend (October 11)

TechRadar22 hours ago

Colorado Parks and Wildlife recommends denial of Silver Spur Ranches claim for wolf damage

Matt Whittaker9 days ago

It’s essential to note our commitment to transparency:

Our Terms of Use acknowledge that our services may not always be error-free, and our Community Standards emphasize our discretion in enforcing policies. As a platform hosting over 100,000 pieces of content published daily, we cannot pre-vet content, but we strive to foster a dynamic environment for free expression and robust discourse through safety guardrails of human and AI moderation.

Comments / 0

Community Policy