24. 05. 2024 Mirko Ioris SOCnews

SOC News | May 24 – Patch This Veeam Critical Vulnerability Now

On May 21, Veeam published details about four different vulnerabilities detected in their product Veeam Backup Enterprise Manager (VBEM). One of them is critical and allows an unauthenticated attacker to log in to the Veeam Backup Enterprise Manager web interface as any user.

CVE NumberCVSS ScoreEPSS Score
CVE-2024-298499.8 (Critical)0.04% (Low)
CVE-2024-298508.8 (High)0.04% (Low)
CVE-2024-298517.2 (High)0.04% (Low)
CVE-2024-298522.7 (Low)0.04% (Low)
Details of the vulnerabilities

The EPSS associated with the vulnerabilities is very low at the time of writing this post (24/05/24) because the discoveries are new and not yet exploited, but might increase in the following weeks. At the moment there is no evidence of an exploit available in the wild.

The VBEM application is used to manage Veeam Backup & Replication (VBR) installations from a single console, but its use is optional and not all environments have it installed. Therefore, the attack surface is small.

A quick search on Shodan returns “only” 63 exposed instances of VBEM that may be vulnerable if not patched. Most of them are located in the US.

Veeam fixed all these vulnerabilities in the Veeam Backup Enterprise Manager version. If an update is not possible, network administrators can mitigate the threat by halting the Veeam Backup Enterprise Manager software. To do so it’s sufficient to stop and disable the VeeamEnterpriseManagerSvc (Veeam Backup Enterprise Manager) and VeeamRESTSvc (Veeam RESTful API) services.

We recommend that everyone using VBEM apply the patch as soon as possible.

Mirko Ioris

Mirko Ioris

Technical Consultant - Cyber Security Team | Würth Phoenix


Mirko Ioris

Technical Consultant - Cyber Security Team | Würth Phoenix

Leave a Reply

Your email address will not be published. Required fields are marked *