Forwarded from APT
May 21st, Veeam published an advisory stating that all the versions BEFORE Veeam Backup Enterprise Manager 12.1.2.172 is affected by an authentication bypass allowing an unauthenticated attacker to bypass the authentication and log in to the Veeam Backup Enterprise Manager web interface as any user. , the CVSS for this vulnerability is 9.8.
🔗 Source:
https://summoning.team/blog/veeam-enterprise-manager-cve-2024-29849-auth-bypass/
🔗 PoC:
https://github.com/sinsinology/CVE-2024-29849
#veeam #authentication #bypass #cve
Please open Telegram to view this post
VIEW IN TELEGRAM
Forwarded from APT
A critical deserialization vulnerability in .NET Remoting has been discovered in Veeam Backup & Replication, allowing unauthenticated remote code execution (RCE). The flaw affects versions
12.1.2.172
and earlier.🔗 Research:
https://labs.watchtowr.com/veeam-backup-response-rce-with-auth-but-mostly-without-auth-cve-2024-40711-2/
🔗 Source:
https://github.com/watchtowrlabs/CVE-2024-40711
#veeam #backup #deserialization #unauth #rce
Please open Telegram to view this post
VIEW IN TELEGRAM
watchTowr Labs - Blog
Veeam Backup & Response - RCE With Auth, But Mostly Without Auth (CVE-2024-40711)
Every sysadmin is familiar with Veeam’s enterprise-oriented backup solution, ‘Veeam Backup & Replication’. Unfortunately, so is every ransomware operator, given it's somewhat 'privileged position' in the storage world of most enterprise's networks. There's…