SB2024120375 - Multiple vulnerabilities in Veeam Backup & Replication
Published: December 3, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 8 vulnerabilities.
1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-40717)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/U:Green
The vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions. A remote user with a role assigned in the Users and Roles settings on the backup server to execute a script with elevated privileges by configuring it as a pre-job or post-job task, thereby causing the script to be executed as LocalSystem.
2) Unprotected storage of credentials (CVE-ID: CVE-2024-42451)
CWE-ID: CWE-256 - Unprotected Storage of Credentials
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote user to gain access to other users' credentials.
The vulnerability exists due to application stores credentials in plain text on the system. A remote user with a role assigned in the Users and Roles settings on the backup server can access all saved credentials in a human-readable format.
3) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-42452)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/U:Green
The vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions. A remote user with a role assigned in the Users and Roles settings on the backup server can remotely upload files to connected ESXi hosts with elevated privileges.
4) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-42453)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/E:U/U:Green
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to application does not properly impose security restrictions. A remote user with a role assigned in the Users and Roles settings on the backup server can control and modify the configuration of connected virtual infrastructure hosts.
5) Deserialization of Untrusted Data (CVE-ID: CVE-2024-42455)
CWE-ID: CWE-502 - Deserialization of Untrusted Data
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:U/U:Green
The vulnerability allows a remote user to delete arbitrary files on the system.
The vulnerability exists due to insecure input validation when processing serialized data. A remote user with a role assigned in the Users and Roles settings on the backup server can connect to remote services and exploit insecure deserialization by sending a serialized temporary file collection, thereby enabling the deletion of any file on the system with service account privileges.
6) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-42456)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:U/U:Green
The vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions. A remote user with a role assigned in the Users and Roles settings on the backup server can gain access to privileged methods and control critical services.
7) Unprotected storage of credentials (CVE-ID: CVE-2024-42457)
CWE-ID: CWE-256 - Unprotected Storage of Credentials
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote user to gain access to other users' credentials.
The vulnerability exists due to application stored credentials in an insecure way. A remote user with certain assigned operator roles in the Users and Roles settings on the backup server can expose saved credentials by leveraging a combination of methods in the remote management interface.
8) Incorrect default permissions (CVE-ID: CVE-2024-45204)
CWE-ID: CWE-276 - Incorrect Default Permissions
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote user to gain access to sensitive information.
The vulnerability exists due to incorrect default permissions. A remote user with an assigned role in the Users and Roles settings on the backup server can obtain NTLM hashes of saved credentials.
Remediation
Install update from vendor's website.