Summary: Veeam has disclosed a high-severity security vulnerability (CVE-2024-40715) affecting Veeam Backup Enterprise Manager, which could allow attackers to bypass authentication via Man-in-the-Middle (MITM) attacks. A hotfix has been released to address this issue, and users are urged to upgrade to the latest version to secure their systems.
Threat Actor: Unknown | unknown
Victim: Veeam Backup Enterprise Manager | Veeam Backup Enterprise Manager
Key Points:
- Vulnerability CVE-2024-40715 allows MITM attacks to bypass authentication.
- CVSS score of 7.7 indicates a high severity risk for users of Veeam Backup Enterprise Manager.
- Hotfix released for version 12.2.0.334; users of earlier versions should upgrade immediately.
- Validation of the hotfix can be done by checking the SHA1 hash of the patched DLL file.
- Successful exploitation could lead to unauthorized access to critical business data.

Veeam recently disclosed a new security vulnerability, tracked as CVE-2024-40715, that impacts Veeam Backup Enterprise Manager. With a CVSS score of 7.7, the flaw is rated high severity. It is an authentication bypass that is exploitable by an attacker positioned as a Man-in-the-Middle (MITM), that is, one who can interpose on the network path between a client and the Enterprise Manager server.
According to the Veeam advisory, “this vulnerability in Veeam Backup Enterprise Manager allows attackers to bypass the authentication while performing a Man-in-the-Middle (MITM) attack.” Because Enterprise Manager is the web-based management front end for Veeam’s backup infrastructure, an attacker who bypasses its authentication gains access without valid credentials, which has significant implications for organizations relying on Veeam for data protection. The article notes that successful exploitation could potentially allow an attacker to intercept, modify, or even halt data transmissions, exposing critical business data to unauthorized access. The MITM requirement is also the reason the score is high rather than critical: the attacker must first obtain a position on the network path, for example on an untrusted segment or through an already-compromised host.
Credit for discovering and responsibly disclosing CVE-2024-40715 goes to researchers at the Zero Day Initiative (ZDI), who reported it through HackerOne.
Veeam has addressed this vulnerability with a hotfix for Veeam Backup Enterprise Manager version 12.2.0.334, released on November 6, 2024. Users with earlier versions of Veeam Backup Enterprise Manager, such as 12.1.2.172 or older, are urged to upgrade to version 12.2.0.334, which includes the essential fix to secure against this vulnerability.
For existing installations of Veeam Backup Enterprise Manager 12.2.0.334, the hotfix can be downloaded directly. After applying the hotfix, a reboot might be necessary, as the advisory notes, “please note that a reboot may be required after installing the hotfix.”
As this is a hotfix, it does not change the build number of the software, so checking the product version (or relying on a version-based vulnerability scanner) cannot tell a patched 12.2.0.334 installation from an unpatched one. To ensure the patch is applied, Veeam instead provides a file-hash check for administrators. “Validating that the hotfix has been deployed requires checking the hash value of the file present on the system and comparing it to the known hash value of the file included in the hotfix,” Veeam explains in the advisory.
Veeam’s advisory gives administrators a PowerShell command to check the SHA1 hash of the patched DLL file. The computed hash should match the hotfix’s published SHA1 hash: FDC176FCE4825023F14462A51541C1DF591B28AC. A matching hash confirms that the fix is correctly in place, reducing the risk of unauthorized access through MITM attacks; a mismatch or a missing file means the hotfix has not been applied.
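The following script is an added example of how an administrator can automate that hash check and is not the command from Veeam’s advisory. The path and file name of the patched DLL are not given on this page, so the `$dllPath` placeholder below is an assumption that must be replaced with the location Veeam’s advisory specifies; the expected hash is the value published for the hotfix. Because the build number does not change, the script also records the DLL’s file version to make it obvious why version alone is not sufficient, and a second helper locates any DLL under the install directory that carries the published hash, for cases where the exact file name is uncertain.

```powershell
# Added example (not Veeam's own advisory command). Assumes:
#   - $dllPath points at the DLL named in Veeam's advisory for this hotfix (placeholder below)
#   - $installDir is the Enterprise Manager install directory (placeholder below)
# The expected SHA1 is the value published with the hotfix.

$ExpectedHotfixSha1 = 'FDC176FCE4825023F14462A51541C1DF591B28AC'

function Test-VeeamHotfixHash {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string] $ExpectedSha1 = $ExpectedHotfixSha1
    )

    # A missing file is a failure, not an exception: report it and let the caller decide.
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{
            Path = $Path; Present = $false; FileVersion = $null
            ActualSha1 = $null; ExpectedSha1 = $ExpectedSha1.ToUpperInvariant(); Match = $false
        }
    }

    # Get-FileHash returns the hex digest in upper case; compare case-insensitively anyway.
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA1).Hash
    $version = (Get-Item -LiteralPath $Path).VersionInfo.FileVersion

    [pscustomobject]@{
        Path         = $Path
        Present      = $true
        FileVersion  = $version          # unchanged by the hotfix; shown for context only
        ActualSha1   = $actual
        ExpectedSha1 = $ExpectedSha1.ToUpperInvariant()
        Match        = ($actual -ieq $ExpectedSha1)
    }
}

function Find-FileBySha1 {
    # Walk the install tree and return every DLL whose SHA1 equals the published hash.
    # Useful when the exact file name from the advisory is not at hand.
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Directory,
        [string] $ExpectedSha1 = $ExpectedHotfixSha1
    )
    Get-ChildItem -LiteralPath $Directory -Recurse -File -Filter '*.dll' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $h = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA1 -ErrorAction SilentlyContinue
            if ($h -and ($h.Hash -ieq $ExpectedSha1)) { $_.FullName }
        }
}

# --- usage (placeholders; replace with the path/directory from Veeam's advisory) ---
$dllPath    = 'C:\<EnterpriseManagerInstallDir>\<DllNamedInAdvisory>.dll'   # assumption
$installDir = 'C:\<EnterpriseManagerInstallDir>'                            # assumption

$result = Test-VeeamHotfixHash -Path $dllPath
$result | Format-List

if ($result.Match) {
    Write-Host "Hotfix for CVE-2024-40715 is present on $env:COMPUTERNAME."
} else {
    Write-Warning "Hotfix NOT verified on $env:COMPUTERNAME (present=$($result.Present), sha1=$($result.ActualSha1))."
    Write-Host 'Searching install directory for a DLL with the published hash...'
    Find-FileBySha1 -Directory $installDir
    exit 1
}
```

The non-zero exit code lets the script run as a compliance check from a scheduler or from `Invoke-Command` against a list of Enterprise Manager servers, with any host that still fails after the hotfix and the reboot the advisory mentions flagged for follow-up.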