Exploit
CVE-2024-29849

Authentication Bypass Using an Alternate Path or Channel (CWE-288)

Published: May 22, 2024 / Updated: 6mo ago

No CVSS yet / EPSS 0.04%

Summary

Veeam Backup Enterprise Manager allows unauthenticated users to log in to the Enterprise Manager web interface as any user.

Impact

This vulnerability could allow an unauthorized attacker to gain complete control over the Veeam Backup Enterprise Manager web interface and perform any action as any legitimate user. This could lead to data theft, data destruction, system downtime, and other severe impacts depending on the level of access and permissions granted through successfully exploiting this flaw.

Exploitation

There is no evidence that a public proof-of-concept exists. Its exploitation has been reported by various sources, including securityonline.info.

Patch

No patch details are currently available for CVE-2024-29849. Security teams should closely monitor vendor communications and install any official patches or updates as soon as they are released to remediate this vulnerability.

Mitigation

Until an official patch is available, potential mitigations may include disabling the Veeam Backup Enterprise Manager web interface if it is not required, applying the latest updates and security configurations from Veeam, restricting access to the management interface, and closely monitoring systems for any suspicious activity or unauthorized access attempts.

Timeline

First Article

Feedly found the first article mentioning CVE-2024-29849.

Dec 6, 2023 at 7:56 PM / Veeam Support Knowledge Base

CVSS Estimate

Feedly estimated the CVSS score as HIGH

May 21, 2024 at 9:19 PM

Trending

This CVE started to trend in security discussions

May 22, 2024 at 5:57 AM

Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (379859)

May 22, 2024 at 7:53 AM

CVE Assignment

NVD published the first details for CVE-2024-29849

May 22, 2024 at 11:15 PM

EPSS

EPSS Score was set to: 0.04% (Percentile: 8.6%)

May 23, 2024 at 11:12 AM

Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Nessus (197721)

May 23, 2024 at 3:17 PM

Trending

This CVE stopped trending in security discussions

May 28, 2024 at 6:21 PM

Exploitation in the Wild

Attacks in the wild have been reported by Cybersecurity News.

Jun 10, 2024 at 9:03 AM / Cybersecurity News

Affected Systems

Veeam/veeam

Exploits

https://github.com/sinsinology/CVE-2024-29849

Links to MITRE ATT&CK

T1083: File and Directory Discovery

Attack Patterns

CAPEC-127: Directory Indexing

References

Bypassing Veeam Authentication CVE-2024-29849
This time, to prevent damage, the included post-exploitation technique in the poc just retrieves the list of internal file servers which should be enough to let people know the authentication has been bypassed, if you like to go full on APT with “post-exploitation” possibilities, simply, visit the following API Documentations I started from, the following method is executed when an authentication request is received, I’ll try to isolate different parts of the codes provided so you won’t get distracted but this is how the full implementation of this method looks like.
FOCUS FRIDAY: TPRM INSIGHTS ON POLYFILL SUPPLY CHAIN ATTACK AND MOVEit, CISCO NX-OS, OPENSSH, APACHE TOMCAT, PROGRESS’ WHATSUP GOLD, AND MICROSOFT MSHTML VULNERABILITIES
Black Kite helps TPRM professionals identify vendors affected by these vulnerabilities through its FocusTags™, which provide detailed information about the exposed assets, such as IP addresses and subdomains. Black Kite assists TPRM professionals by identifying vendors affected by this vulnerability through its FocusTags, providing detailed information about exposed assets.

News

Security Affairs newsletter Round 498 by Pierluigi Paganini – INTERNATIONAL EDITION
SECURITY AFFAIRS MALWARE NEWSLETTE
U.S. CISA adds Palo Alto Networks Expedition bugs to its Known Exploited Vulnerabilities catalog
Microsoft Patch Tuesday security updates for November 2024 fix two actively exploited zero-days. Ahold Delhaize experienced a cyber incident ...
SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 19
SECURITY AFFAIRS MALWARE NEWSLETTE

CVSS V3.1

Unknown
