Critical Flaws in Veeam ONE Expose Systems to RCE (CVE-2024-42024) and Credential Theft (CVE-2024-42019)

Veeam has issued a critical security advisory detailing multiple vulnerabilities affecting Veeam ONE, a comprehensive monitoring solution for virtual and data protection environments. These vulnerabilities, which affect Veeam ONE 12.1.0.3208 and all earlier builds, expose systems to remote code execution (RCE), credential theft, and configuration tampering. Organizations using Veeam ONE are urged to apply the latest patches to mitigate these risks.

Key Vulnerabilities and their Impact:

• CVE-2024-42024 (CVSS 9.1): Remote Code Execution (Critical) This vulnerability allows an attacker with knowledge of the Veeam ONE Agent service account credentials to execute arbitrary code on the machine hosting the agent, potentially leading to complete system takeover.

• CVE-2024-42019 (CVSS 9.0): NTLM Hash Disclosure (Critical) This vulnerability could enable an attacker to capture the NTLM hash of the Veeam Reporter Service service account, facilitating further attacks such as pass-the-hash.

• CVE-2024-42023 (CVSS 8.8): Privilege Escalation (High) This vulnerability allows low-privileged users to execute code with administrative privileges remotely, amplifying the potential impact of an attack.

• CVE-2024-42021 (CVSS 7.5): Credential Access (High) Attackers with valid access tokens can exploit this vulnerability to gain access to saved credentials, potentially leading to unauthorized access to sensitive data.

• CVE-2024-42022 (CVSS 7.5): Configuration Modification (High) This vulnerability allows attackers to modify product configuration files, which can lead to service disruption or system misconfiguration.

• CVE-2024-42020 (CVSS 7.3): HTML Injection (Medium) A vulnerability in Reporter Widgets allows for HTML injection attacks, potentially leading to cross-site scripting or other malicious activities.

Affected Versions and Remediation:

All Veeam ONE versions prior to v12.2 (build 12.2.0.4093) are affected. Veeam has released an updated version that addresses these vulnerabilities. Organizations are strongly urged to apply this update immediately to mitigate these risks.

No Workarounds — Patch Now

Veeam has confirmed that there are no workarounds for these vulnerabilities. Organizations are urged to upgrade to Veeam ONE v12.2 (build 12.2.0.4093), which contains patches addressing all the flaws mentioned in this advisory.

Related Posts:

• Veeam Backup & Replication Faces RCE Flaw– CVE-2024-40711 (CVSS 9.8) Allows Full System Takeover
• Veeam Users Beware: PoC Exploit for Critical CVE-2024-29849 Flaw Released
• Veeam Patches Critical Security Flaw in Recovery Orchestrator (CVE-2024-29855)
• CVE-2024-29849 (CVSS 9.8): Veeam’s Backup Nightmare, Full System Access Exposed