Cybersecurity Threat Advisory

A Veeam Backup Enterprise Manager (VBEM) security vulnerability, CVE-2024-29849, can pose serious risks for organizations. Users are advised to update their VBEM to the latest version immediately. Read this Cybersecurity Threat Advisory to learn about which actions to take to prevent unwanted access.

What is the threat?

CVE-2024-29849 is an authentication bypass that lets unauthorized users gain access with administrative rights without providing the correct login information. Attackers can take advantage of this vulnerability by creating a fake login token and sending it to VBEM’s REST API service, which is supposed to verify the correct login information. However, the service currently fails to perform that verification and grants the unauthorized user administrator privileges, creating severe security risks for companies.

Why is it noteworthy?

This vulnerability is noteworthy because it allows unauthorized users to access a company’s backup data, which is typically very sensitive and vital. In the wrong hands, this data can be used maliciously.

What is the exposure or risk?

CVE-2024-29849 puts companies at high risk of data theft and loss. This vulnerability can compromise a company’s backup data, making it hard for the company to recover from other technical problems. One of the most concerning risks is that, after gaining these administrative privileges, unauthorized users can dig deeper and access even more data within a company’s network.

What are the recommendations?

Barracuda MSP recommends the following actions to limit the impact of CVE-2024-29849:

  • Update VBEM to the latest version, 12.1.2.172 or higher.
  • Set up firewall policies that block unauthorized access to VBEM network ports, most importantly port 9398 for the REST API.
  • Restrict network access, allowing only trusted IP addresses access to VBEM.
  • Enable multi-factor authentication as an additional layer of authentication.
  • Use a Web Application Firewall to prevent malicious attempts to access VBEM.
  • Check access logs frequently and set up alerts for any type of suspicious activity, login attempts, and untrusted IP addresses.
  • Isolate the VBEM server from other important networks to prevent attacks and access to other areas.
  • Keep all types of software, in addition to VBEM, updated regularly to prevent these types of situations.
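
As an added example (not code from Barracuda or Veeam), the following Python script supports the patching, network-restriction, and log-review recommendations above: it compares an installed build against 12.1.2.172 and flags connections to port 9398 from sources outside an allowlist. The log line format, the trusted ranges, the sample build number, and the function names are assumptions made for this illustration.

```python
import ipaddress

FIXED_VERSION = (12, 1, 2, 172)  # first fixed VBEM build named in the advisory
REST_API_PORT = 9398             # VBEM REST API port named in the advisory

# Assumption: trusted management ranges chosen for this example only.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "192.0.2.10/32")]

# Constructed sample in the form "timestamp src_ip dst_port action", such as a
# firewall or flow export might produce. This is not a real VBEM log format.
SAMPLE_LOG = """\
2024-06-12T08:01:11Z 10.20.0.15 9398 ALLOW
2024-06-12T08:03:47Z 203.0.113.77 9398 ALLOW
2024-06-12T08:04:02Z 10.20.0.15 443 ALLOW
2024-06-12T08:09:30Z 198.51.100.4 9398 DENY
not-a-valid-line
2024-06-12T08:12:55Z 192.0.2.10 9398 ALLOW
"""

def needs_update(version: str) -> bool:
    """Return True if a dotted build string is older than the fixed build."""
    parts = tuple(int(p) for p in version.strip().split("."))
    parts = (parts + (0, 0, 0, 0))[:4]  # pad short strings such as "12.1"
    return parts < FIXED_VERSION

def is_trusted(ip: str) -> bool:
    """Return True if the address falls inside any allowlisted network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETS)

def untrusted_api_hits(log_text: str):
    """List (timestamp, src_ip, action) for REST API hits from outside the allowlist."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed records instead of failing the whole run
        ts, src, port, action = fields
        try:
            if int(port) != REST_API_PORT or is_trusted(src):
                continue
        except ValueError:
            continue  # unparseable port or address
        findings.append((ts, src, action))
    return findings

if __name__ == "__main__":
    print("update required:", needs_update("12.1.0.100"))  # constructed build value
    for ts, src, action in untrusted_api_hits(SAMPLE_LOG):
        print(f"{ts} untrusted source {src} -> port {REST_API_PORT} ({action})")
```

An ALLOW result from an untrusted source means the firewall policy is not yet restricting port 9398; a DENY result confirms the block is working but is still worth alerting on.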

Reference

For more in-depth information about the recommendations, please visit the following link:

If you have any questions about this Cybersecurity Threat Advisory, please contact Barracuda XDR’s Security Operations Center.



Posted by Jon Abraham

Jon is a Cybersecurity Analyst intern at Barracuda. He works on our Blue Team within our Security Operations Center. Jon supports our XDR service delivery and is highly skilled at analyzing security events to detect cyber threats, helping keep our partners and their customers protected.
