• Veeam patches multiple critical remote code execution flaws

    From TechnologyDaily@1337:1/100 to All on Fri Sep 6 13:15:05 2024
    Veeam patches multiple critical remote code execution flaws

    Date:
    Fri, 06 Sep 2024 13:03:00 +0000

    Description:
    The company fixed a total of 18 flaws recently, five of which were critical
    in severity.

    FULL STORY ======================================================================

    Data backup and cloud data management company Veeam said it released multiple patches which fix more than a dozen flaws impacting different products. In a security advisory published earlier this week, Veeam said that it fixed a total of 18 bugs, five of which were deemed critical in severity.

    The first one is an unauthenticated remote code execution vulnerability found in Veeam Backup & Replication. It is tracked as CVE-2024-40711 and carries a severity score of 9.8. The second and third flaws are found in Veeam ONE. CVE-2024-42024, with a severity score of 9.1, allows threat actors who hold Agent service account credentials to achieve remote code execution.

    CVE-2024-42019, on the other hand, has a slightly lower severity score (9.0), and allows threat actors to access the NTLM hash of the Veeam Reporter Service account.

    Then there is a 9.9 severity bug in Veeam Service Provider Console, which grants low-privileged attackers access to the NTLM hash of the service account on the server. This one is tracked as CVE-2024-38650. Finally, CVE-2024-39714, also a 9.9 flaw, is found in the same software, and grants low-privileged users the ability to upload arbitrary files.

    The other 13 flaws are mostly high-severity, enabling multi-factor authentication (MFA) bypass, privilege escalation, remote code execution (RCE), and more.

    To ensure the security of their infrastructure, users are advised to update their software to the following versions:

    - Veeam Backup & Replication 12.2 (build 12.2.0.334)
    - Veeam Agent for Linux 6.2 (build 6.2.0.101)
    - Veeam ONE v12.2 (build 12.2.0.4093)
    - Veeam Service Provider Console v8.1 (build 8.1.0.21377)
    - Veeam Backup for Nutanix AHV Plug-In v12.6.0.632
    - Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization Plug-In v12.5.0.299

    Via The Hacker News



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/veeam-patches-multiple-critical-remote-code-execution-flaws


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)