CVE-2024-29849
In short
An attacker can log into Veeam Backup Enterprise Manager as any user without needing a password or credentials. This is critical because it gives unauthorized access to backup systems that protect important company data.
Technical detail
An unauthenticated attacker can bypass authentication mechanisms (CWE-287) in the Enterprise Manager web interface to assume the identity of any legitimate user. This requires network access to the web interface and allows complete compromise of backup management functionality, including data access and system configuration.
Summary generated and translated by AI from the official description.
Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to the Enterprise Manager web interface.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Veeam · Backup & Replication
Public PoCs found — 1
GitHub: github.com/sinsinology/CVE-2024-29849 (★ 90)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
https://veeam.com/kb4581