Authentication Bypass by Capture-replay in Veeam Backup Enterprise Manager - CVE-2024-29851

 

Authentication Bypass by Capture-replay in Veeam Backup Enterprise Manager - CVE-2024-29851

Published: May 27, 2024


Vulnerability identifier: #VU89816
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-29851
CWE-ID: CWE-294
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Veeam
Affected software:
Veeam Backup Enterprise Manager

Detailed vulnerability description

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to the way the application handles authentication. A remote privileged user can obtain the NTLM hash of the Veeam Backup Enterprise Manager service account if that service account is anything other than the default Local System account and escalate privileges.


How to mitigate CVE-2024-29851

Install updates from vendor's website.

Sources