CVE-2024-40715: Authentication Bypass Threat in Veeam Backup Enterprise Manager

Veeam Backup Enterprise Manager Vulnerability (CVE-2024-40715)

Veeam recently disclosed a new security vulnerability, tracked as CVE-2024-40715, that impacts Veeam Backup Enterprise Manager. With a CVSS score of 7.7, this flaw is classified as a high-severity vulnerability, affecting deployments of Veeam Backup Enterprise Manager that are exposed to Man-in-the-Middle (MITM) attacks.

The vulnerability allows attackers to bypass authentication through a MITM attack, which could have significant implications for organizations relying on Veeam’s backup solutions for data security. According to the Veeam advisory, “this vulnerability in Veeam Backup Enterprise Manager allows attackers to bypass the authentication while performing a Man-in-the-Middle (MITM) attack.” Successful exploitation could potentially allow attackers to intercept, modify, or even halt data transmissions, exposing critical business data to unauthorized access.

Credit for discovering and responsibly disclosing CVE-2024-40715 goes to ZDI researchers, working through Hacker One.

Veeam has addressed this vulnerability with a hotfix for Veeam Backup Enterprise Manager version 12.2.0.334, released on November 6, 2024. Users with earlier versions of Veeam Backup Enterprise Manager, such as 12.1.2.172 or older, are urged to upgrade to version 12.2.0.334, which includes the essential fix to secure against this vulnerability.

For existing installations of Veeam Backup Enterprise Manager 12.2.0.334, the hotfix can be downloaded directly. After applying the hotfix, a reboot might be necessary, as the advisory notes, “please note that a reboot may be required after installing the hotfix.”

As this is a hotfix, it doesn’t change the build number of the software. To ensure the patch is applied, Veeam provides a way for administrators to validate the fix. “Validating that the hotfix has been deployed requires checking the hash value of the file present on the system and comparing it to the known hash value of the file included in the hotfix,” Veeam explains in the advisory.

Administrators can use the following PowerShell command to check the SHA1 hash of the patched DLL file:

Get-FileHash -Path 'C:\Program Files\Veeam\Backup and Replication\Enterprise Manager\Veeam.Backup.Enterprise.Core.dll' -Algorithm SHA1

The file hash should match the hotfix’s published SHA1 hash: FDC176FCE4825023F14462A51541C1DF591B28AC. Matching hashes confirm that the fix is correctly in place, reducing the risk of unauthorized access through MITM attacks.
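As an added example (not part of the Veeam advisory), the manual check above can be wrapped in a PowerShell function that handles a missing file, compares the computed hash to the published value, and returns a clear result; the function name and output fields are hypothetical, while the path and the expected SHA1 are the values given above.

```powershell
# Added example: wraps the advisory's manual hash check in a function that
# reports pass/fail. Function name and output fields are hypothetical; the
# path and expected SHA1 are the values published for the 12.2.0.334 hotfix.
function Test-VeeamEnterpriseManagerHotfix {
    [CmdletBinding()]
    param(
        [string]$Path = 'C:\Program Files\Veeam\Backup and Replication\Enterprise Manager\Veeam.Backup.Enterprise.Core.dll',
        # Published SHA1 of the patched DLL
        [string]$ExpectedSha1 = 'FDC176FCE4825023F14462A51541C1DF591B28AC'
    )

    if (-not (Test-Path -LiteralPath $Path)) {
        # File absent: non-default install path, or Enterprise Manager is not on this host
        return [pscustomobject]@{
            ComputerName  = $env:COMPUTERNAME
            Path          = $Path
            FileVersion   = $null
            Sha1          = $null
            HotfixApplied = $false
            Status        = 'FileNotFound'
        }
    }

    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA1).Hash
    # The hotfix does not change the build number, so the version is informational only
    $version = (Get-Item -LiteralPath $Path).VersionInfo.FileVersion

    # Get-FileHash returns upper-case hex; compare case-insensitively regardless
    $match = [string]::Equals($actual, $ExpectedSha1, [System.StringComparison]::OrdinalIgnoreCase)

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        Path          = $Path
        FileVersion   = $version
        Sha1          = $actual
        HotfixApplied = $match
        Status        = if ($match) { 'HotfixPresent' } else { 'HashMismatch' }
    }
}

# Run on the Enterprise Manager server and print the result as a table
Test-VeeamEnterpriseManagerHotfix | Format-Table -AutoSize
```

A HashMismatch result means the DLL on disk is not the hotfix version, so the installation should be revisited rather than assumed complete.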
