
Several critical vulnerabilities have been discovered in Veeam Service Provider Console (VSPC) and Veeam Backup & Replication that could allow attackers to gain unauthorized access, execute malicious code, and compromise sensitive data.
- CVE-2024-38650, with a CVSS score of 9.9, allows a low-privileged attacker to access the NTLM hash of the service account on the Veeam Service Provider Console server, paving the way for lateral movement and further compromise.
- CVE-2024-39714, with a CVSS score of 9.9, allows a low-privileged user to upload arbitrary files to the VSPC server, ultimately leading to remote code execution and full control of the server for the attacker.
- CVE-2024-40711, with a CVSS score of 9.8, is a flaw in Veeam Backup & Replication that allows an unauthenticated attacker to execute code remotely and take full control of the affected system. Organizations relying on Veeam Backup & Replication for data protection are strongly urged to apply the latest patch (Veeam Backup & Replication 12.2, build 12.2.0.334) immediately.
- CVE-2024-39715, with a CVSS score of 8.5, is similar to CVE-2024-39714: it allows a low-privileged user with REST API access to remotely upload arbitrary files to the VSPC server, again leading to remote code execution.
- CVE-2024-38651, with a CVSS score of 8.5, allows a low-privileged user to overwrite files on the Veeam Service Provider Console server, which can also lead to remote code execution.
For service providers relying on VSPC to deliver BaaS and DRaaS, these vulnerabilities pose a severe threat. The ability to execute remote code or steal NTLM hashes could compromise backup integrity, expose sensitive customer data, and disrupt disaster recovery processes. Attackers gaining access to the VSPC server could manipulate backups, disable recovery processes, or even deploy ransomware.
The severity of these vulnerabilities, coupled with the potential for widespread exploitation, makes immediate action crucial. Organizations utilizing Veeam Service Provider Console are strongly advised to update to version 8.1 (build 8.1.0.21377) or later immediately.
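As a practical check, the following PowerShell snippet is an added example (not from the original article and not Veeam's own tooling) that compares the installed build numbers of both products against the fixed builds named above. The executable paths are assumptions based on default installation directories, and the VSPC service binary name and folder in particular should be verified on your own servers; Veeam's advisory remains the authority on which builds are affected.

```powershell
# Added example: compare installed Veeam build numbers against the fixed builds
# cited in the advisory. Not part of the original article or of Veeam's tooling.
# The paths below are ASSUMED default install locations; adjust them if yours differ.

$fixedBuilds = @{
    'Veeam Backup & Replication' = @{
        Exe          = 'C:\Program Files\Veeam\Backup and Replication\Backup\Veeam.Backup.Service.exe'  # assumed path
        MinimumBuild = [version]'12.2.0.334'
    }
    'Veeam Service Provider Console' = @{
        Exe          = 'C:\Program Files\Veeam\Availability Console\ApplicationServer\Veeam.MBP.Service.exe'  # assumed path
        MinimumBuild = [version]'8.1.0.21377'
    }
}

function Test-VeeamBuild {
    param(
        [Parameter(Mandatory)][string]$Product,
        [Parameter(Mandatory)][string]$Exe,
        [Parameter(Mandatory)][version]$MinimumBuild
    )

    if (-not (Test-Path -LiteralPath $Exe)) {
        # Product not installed on this host, or installed somewhere other than the assumed path.
        return [pscustomobject]@{
            Product   = $Product
            Installed = $null
            Required  = $MinimumBuild
            Status    = 'not found (not installed, or non-default path)'
        }
    }

    # Build a [version] from the numeric file-version parts rather than parsing the
    # FileVersion string, which some vendors pad with extra text.
    $vi        = (Get-Item -LiteralPath $Exe).VersionInfo
    $installed = [version]::new($vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)

    $status = if ($installed -ge $MinimumBuild) { 'patched' } else { 'VULNERABLE: below fixed build, update required' }

    [pscustomobject]@{
        Product   = $Product
        Installed = $installed
        Required  = $MinimumBuild
        Status    = $status
    }
}

foreach ($entry in $fixedBuilds.GetEnumerator()) {
    Test-VeeamBuild -Product $entry.Key -Exe $entry.Value.Exe -MinimumBuild $entry.Value.MinimumBuild
}
```

Run it as an administrator on each backup server and each VSPC server; a build at or above the fixed build is reported as patched. The check only tells you whether the installed binary is current, not whether the server was already exploited before the patch was applied, so a host that was exposed while vulnerable still warrants a review of logs and backup job integrity.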


