Veeam VBEM CVE-2024-29849 vulnerability

Veeam disclosed a new vulnerability in its Veeam Backup Enterprise Manager (VBEM). VBEM is a web-based platform for performing administrative actions on backup and replication installations and for running restore and backup jobs. The VBEM component is not enabled by default.

CVE-2024-29849, 9.8 critical (CVSS 3.1). As stated by Veeam: “This vulnerability in Veeam Backup Enterprise Manager allows an unauthenticated attacker to log in to the Veeam Backup Enterprise Manager web interface as any user.”

Veeam has also patched two high-severity vulnerabilities:

CVE-2024-29850, 8.8 high (CVSS 3.1). This vulnerability in Veeam Backup Enterprise Manager allows account takeover via NTLM relay.

CVE-2024-29851, 7.2 high (CVSS 3.1). This vulnerability in Veeam Backup Enterprise Manager allows a high-privileged user to steal the NTLM hash of the Veeam Backup Enterprise Manager service account if that service account is anything other than the default Local System account.

Affected products:

  • VBEM versions older than 12.1.2.172 (the version that contains the fix)

Security recommendations:

Veeam has released the fix in version 12.1.2.172. If upgrading is not possible, Veeam recommends disabling the VeeamEnterpriseManagerSvc (Veeam Backup Enterprise Manager) and VeeamRESTSvc (Veeam RESTful API) services until the upgrade can be applied.
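The following PowerShell script is an added example for administrators, not code from Veeam or from this bulletin. It checks whether the VBEM host is below the fixed version 12.1.2.172 and, only when run with -Mitigate on an affected host, applies the workaround above by stopping and disabling the two named services. The service names and the fixed version come from the bulletin; reading the installed version from the ProductVersion of the VeeamEnterpriseManagerSvc executable is an assumption, and the script must run elevated on the VBEM server.

```powershell
# Added example (not part of the Veeam bulletin): audit a VBEM host against
# CVE-2024-29849 and optionally apply the bulletin's workaround.
# Assumptions: runs elevated on the VBEM server; version is read from the
# ProductVersion of the Enterprise Manager service binary.
[CmdletBinding()]
param(
    [switch]$Mitigate   # only disable services when this switch is given
)

$FixedVersion = [version]'12.1.2.172'                 # from the bulletin
$Services     = @('VeeamEnterpriseManagerSvc', 'VeeamRESTSvc')  # from the bulletin

function Get-VbemInstalledVersion {
    # Locate the Enterprise Manager service executable and read its product version.
    $svc = Get-CimInstance Win32_Service -Filter "Name='VeeamEnterpriseManagerSvc'"
    if (-not $svc) { return $null }
    # PathName may be quoted and may carry arguments; keep the executable path only.
    $exe = $svc.PathName
    if ($exe -match '^"([^"]+)"') { $exe = $Matches[1] }
    elseif ($exe -match '^(\S+\.exe)') { $exe = $Matches[1] }
    if (-not (Test-Path -LiteralPath $exe)) { return $null }
    $pv = (Get-Item -LiteralPath $exe).VersionInfo.ProductVersion
    try { return [version]$pv } catch { return $null }
}

$vulnerable = $false
$installed  = Get-VbemInstalledVersion
if ($null -eq $installed) {
    Write-Output 'VeeamEnterpriseManagerSvc not found or version unreadable; verify manually.'
} elseif ($installed -lt $FixedVersion) {
    Write-Output "VBEM $installed is older than $FixedVersion: affected by CVE-2024-29849, CVE-2024-29850 and CVE-2024-29851. Upgrade."
    $vulnerable = $true
} else {
    Write-Output "VBEM $installed is at or above $FixedVersion: fixed."
}

# Report the state of both services; disable them only on an affected host with -Mitigate.
foreach ($name in $Services) {
    $s = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $s) { Write-Output "$name is not installed on this host."; continue }
    Write-Output ('{0}: Status={1} StartType={2}' -f $name, $s.Status, $s.StartType)
    if ($Mitigate -and $vulnerable) {
        Stop-Service -Name $name -Force
        Set-Service -Name $name -StartupType Disabled
        Write-Output "$name stopped and disabled (bulletin workaround until upgrade to $FixedVersion)."
    }
}
```

Run it once without -Mitigate to see the version and service state; the workaround removes the VBEM web interface and REST API, so only apply it where an upgrade is genuinely not possible, and re-enable the services after upgrading.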