Vulnerabilities Resolved in Veeam Backup & Replication 12.3
Oops! Something went wrong.
Please, try again later.
All vulnerabilities documented in this article were resolved in Veeam Backup & Replication 12.3.
Veeam Backup & Replication
Issue Details
All vulnerabilities disclosed in this section affect Veeam Backup & Replication 12.2.0.334 and all earlier version 12 builds.
Unsupported product versions are not tested, but are likely affected and should be considered vulnerable.
CVE-2024-40717
A vulnerability allows an authenticated user with a role assigned in the Users and Roles settings on the backup server to execute a script with elevated privileges by configuring it as a pre-job or post-job task, thereby causing the script to be executed as LocalSystem.
Severity: High
CVSS v3.1 Score: 8.8CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: Discovered during internal testing.
CVE-2024-42451
A vulnerability allows an authenticated user with a role assigned in the Users and Roles settings on the backup server to access all saved credentials in a human-readable format.
Severity: High
CVSS v3.1 Score: 7.7CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Source: Discovered during internal testing.
CVE-2024-42452
A vulnerability allows an authenticated user with a role assigned in the Users and Roles settings on the backup server to remotely upload files to connected ESXi hosts with elevated privileges.
Severity: High
CVSS v3.1 Score: 8.8CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: Discovered during internal testing.
CVE-2024-42453
A vulnerability allows an authenticated user with a role assigned in the Users and Roles settings on the backup server to control and modify the configuration of connected virtual infrastructure hosts.
Severity: High
CVSS v3.1 Score: 8.8CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: Discovered during internal testing.
CVE-2024-42455
A vulnerability that allows an authenticated user with a role assigned in the Users and Roles settings on the backup server to connect to remote services and exploit insecure deserialization by sending a serialized temporary file collection, thereby enabling the deletion of any file on the system with service account privileges.
Severity: High
CVSS v3.1 Score: 7.1CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Source: Reported via HackerOne.
CVE-2024-42456
A vulnerability that allows an authenticated user with a role assigned in the Users and Roles settings on the backup server to gain access to privileged methods and control critical services.
Severity: High
CVSS v3.1 Score: 8.8CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: Reported via HackerOne.
CVE-2024-42457
A vulnerability that allows an authenticated user with certain assigned operator roles in the Users and Roles settings on the backup server to expose saved credentials by leveraging a combination of methods in the remote management interface.
Severity: High
CVSS v3.1 Score: 7.7CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Source: Discovered during internal testing.
CVE-2024-45204
A vulnerability that allows an authenticated user with an assigned role in the Users and Roles settings on the backup server to exploit insufficient permissions in credential handling, potentially leading to the leakage of NTLM hashes of saved credentials.
Severity: High
CVSS v3.1 Score: 7.7CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Source: Discovered during internal testing.
Solution
The vulnerabilities documented in this section were fixed starting in the following build:
Mitigation Information
The Veeam Backup & Replication vulnerabilities discussed in this section are related to the ability of an authenticated malicious user with a limited role (Viewer/Operator) to perform certain actions that are normally only possible with administrative privileges on the backup server. To mitigate these vulnerabilities until the backup server can be upgraded to version 12.3, simply remove untrusted and/or unnecessary users from the Users and Roles settings on the backup server for the time being.
- Review all users assigned a Role within Veeam Backup & Replication.
- For each user with an Operator or View role, assess internal necessity and remove access for users who do not strictly need it.
Veeam Agent for Microsoft Windows
Issue Details
The vulnerability disclosed in this section affects Veeam Agent for Microsoft Windows 6.2 and all earlier version 6 builds.
Unsupported product versions are not tested, but are likely affected and should be considered vulnerable.
CVE-2024-45207
A vulnerability could lead to a DLL injection attack when the PATH environment variable is altered to include directories where an attacker can write files.
Severity: High
CVSS v3.1 Score: 7.0CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: Reported via HackerOne.
Solution
The vulnerability documented in this section was fixed starting in the following build:
Mitigation Information
The Veeam Agent for Microsoft Windows vulnerability discussed in this section can only be exploited in environments where directories that can be written to by untrusted users have been added to the PATH environment variable and whose presence is classified as a known CWE-426 weakness. As such, this vulnerability can be mitigated by removing such directories from the PATH variable.
Note: The default Windows PATH environment variable does not include paths writable by untrusted users.
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.
Spelling error in text
Thank you!
Your feedback has been received and will be reviewed.
KB Feedback/Suggestion
This form is only for KB Feedback/Suggestions, if you need help with the software open a support case
Thank you!
Your feedback has been received and will be reviewed.
Oops! Something went wrong.
Please, try again later.