
Veeam has released a patch for a vulnerability in Veeam Backup Enterprise Manager that exposes it to Man-in-the-Middle (MITM) attacks.
The vulnerability, tracked as CVE-2024-40715 with a CVSS score of 7.7, allows attackers to bypass authentication through a MITM attack, which could have significant implications for organizations relying on Veeam’s backup solutions for data security.
Veeam has addressed this vulnerability with a hotfix for Veeam Backup Enterprise Manager version 12.2.0.334, released on November 6, 2024. Users with earlier versions of Veeam Backup Enterprise Manager, such as 12.1.2.172 or older, are urged to upgrade to version 12.2.0.334, which includes the essential fix to secure against this vulnerability.
Because this is a hotfix, Veeam provides a way for administrators to validate that it has been applied. Administrators can use the following PowerShell command to check the SHA1 hash of the patched DLL file:
Get-FileHash -Path 'C:\Program Files\Veeam\Backup and Replication\Enterprise Manager\Veeam.Backup.Enterprise.Core.dll' -Algorithm SHA1
SHA1 hash: FDC176FCE4825023F14462A51541C1DF591B28AC
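
The check above can be scripted so that the comparison is done by the machine rather than by eye. This is an added example, not Veeam's own tooling: the function name Test-VeeamHotfix and the status labels are hypothetical, while the default path and hash are the ones quoted in this article.

```powershell
# Added example: compare the Enterprise Manager DLL with the SHA1 quoted in the article.
# Test-VeeamHotfix is a hypothetical helper name, not a Veeam cmdlet.
function Test-VeeamHotfix {
    [CmdletBinding()]
    param(
        # Defaults are the path and hash given in the article.
        [string]$Path = 'C:\Program Files\Veeam\Backup and Replication\Enterprise Manager\Veeam.Backup.Enterprise.Core.dll',
        [string]$ExpectedSha1 = 'FDC176FCE4825023F14462A51541C1DF591B28AC'
    )

    $result = [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Path     = $Path
        Expected = $ExpectedSha1.ToUpperInvariant()
        Actual   = $null
        Status   = 'Unknown'
    }

    # A missing DLL means Enterprise Manager is not installed at this path;
    # report it separately so it is not mistaken for an unpatched server.
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        $result.Status = 'FileMissing'
        return $result
    }

    try {
        $result.Actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA1 -ErrorAction Stop).Hash
    } catch {
        # For example: access denied, or the file is locked by a running service.
        $result.Status = "HashError: $($_.Exception.Message)"
        return $result
    }

    # -eq on strings is case-insensitive in PowerShell, so hex case does not matter.
    $result.Status = if ($result.Actual -eq $result.Expected) { 'HotfixPresent' } else { 'HashMismatch' }
    return $result
}

# Run against the local server and show the outcome.
Test-VeeamHotfix | Format-List
```

A Status of HashMismatch means the DLL on disk is not the file whose hash is listed above, so the hotfix should be treated as not applied on that server.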