SB2024120375 - Multiple vulnerabilities in Veeam Backup & Replication

Description

This security bulletin contains information about 8 secuirty vulnerabilities.

1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-40717)

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions. A remote user with a role assigned in the Users and Roles settings on the backup server to execute a script with elevated privileges by configuring it as a pre-job or post-job task, thereby causing the script to be executed as LocalSystem.

2) Unprotected storage of credentials (CVE-ID: CVE-2024-42451)

The vulnerability allows a remote user to gain access to other users' credentials.

The vulnerability exists due to application stores credentials in plain text on the system. A remote user with a role assigned in the Users and Roles settings on the backup server can access all saved credentials in a human-readable format.

3) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-42452)

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions. A remote user with a role assigned in the Users and Roles settings on the backup server can remotely upload files to connected ESXi hosts with elevated privileges.

4) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-42453)

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to application does not properly impose security restrictions. A remote user with a role assigned in the Users and Roles settings on the backup server can control and modify the configuration of connected virtual infrastructure hosts.

5) Deserialization of Untrusted Data (CVE-ID: CVE-2024-42455)

The vulnerability allows a remote user to delete arbitrary files on the system.

The vulnerability exists due to insecure input validation when processing serialized data. A remote user with a role assigned in the Users and Roles settings on the backup server can connect to remote services and exploit insecure deserialization by sending a serialized temporary file collection, thereby enabling the deletion of any file on the system with service account privileges.

6) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-42456)

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions. A remote user with a role assigned in the Users and Roles settings on the backup server can gain access to privileged methods and control critical services.

7) Unprotected storage of credentials (CVE-ID: CVE-2024-42457)

The vulnerability allows a remote user to gain access to other users' credentials.

The vulnerability exists due to application stored credentials in an insecure way. A remote user with certain assigned operator roles in the Users and Roles settings on the backup server can expose saved credentials by leveraging a combination of methods in the remote management interface.

8) Incorrect default permissions (CVE-ID: CVE-2024-45204)

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to incorrect default permissions. A remote user with an assigned role in the Users and Roles settings on the backup server can obtain NTLM hashes of saved credentials.

Remediation

Install update from vendor's website.

References

• https://www.veeam.com/kb4693