CVE-2024-29853

Authentication Bypass Using an Alternate Path or Channel (CWE-288)

Published: May 22, 2024 / Updated: 6mo ago

No CVSS yet / EPSS 0.04%

An authentication bypass vulnerability in Veeam Agent for Microsoft Windows allows for local privilege escalation.

Timeline

First Article

Feedly found the first article mentioning CVE-2024-29853.

Dec 6, 2023 at 7:56 PM / Veeam Support Knowledge Base

CVSS Estimate

Feedly estimated the CVSS score as HIGH

May 21, 2024 at 9:19 PM

CVE Assignment

NVD published the first details for CVE-2024-29853

May 22, 2024 at 11:15 PM

CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

May 22, 2024 at 11:19 PM

EPSS

EPSS Score was set to: 0.04% (Percentile: 8.6%)

May 23, 2024 at 11:12 AM

Affected Systems

Veeam/veeam

Links to MITRE ATT&CK

T1083: File and Directory Discovery

Attack Patterns

CAPEC-127: Directory Indexing

News

How to upgrade Veeam Backup and Replication to v12.1.2.172
10. On the Veeam Backup & Replication 12.1 page, click Upgrade. This vulnerability in VBEM allows high-privileged users to read backup session logs.
Vulnerability Recap 5/27/24: Google, Microsoft & GitLab Fixes
With these new fixes and updates, users impacted by these vulnerabilities should upgrade their systems as soon as possible, apply access restrictions, perform increased monitoring, and follow the general best practices for security. The problem: During the May 2024 Patch Tuesday security upgrades, Microsoft issued an emergency out-of-band (OOB) update (KB5039705) for Windows Server 2019 to address a bug that caused error 0x800f0982.
Vulnerability Recap 5/27/24 – Google, Microsoft & GitLab Fixes
With these new fixes and updates, users impacted by these vulnerabilities should upgrade their systems as soon as possible, apply access restrictions, perform increased monitoring, and follow the general best practices for security. The problem: During the May 2024 Patch Tuesday security upgrades, Microsoft issued an emergency out-of-band (OOB) update (KB5039705) for Windows Server 2019 to address a bug that caused error 0x800f0982.
Critical Veeam Backup Enterprise Manager Flaw Allows Authentication Bypass
Users of Veeam Backup Enterprise Manager are being urged to update to the latest version following the discovery of a critical security flaw that could permit an adversary to bypass authentication protections. Tracked as CVE-2024-29849 (CVSS score: 9.8), the vulnerability could allow an unauthenticated attacker to log in to the Veeam Backup Enterprise Manager web […]
Veeam 12.1.2 update (build 12.1.2.172) released
Veeam 12.1.2 update has been released for Veeam Backup & Replication 12.1 providing some new enhancements and addressing some critical security vulnerabilities. ISO - if you are running Veeam Backup & Replication 10a (build 10.0.1.4854) and above, download the ISO file and run the installer.

CVSS V3.1

Unknown
