⚡ TL;DR | Go Straight to the Veeam ONE Vulnerability Audit Report or Go Straight to the Veeam Backup & Replication Vulnerability Audit Report
Veeam has released security updates for 6 of its products addressing a total of 18 high and critical security flaws. The most dangerous of these is a remote code execution vulnerability in Veeam Backup & Replication that can be exploited without authentication. This could compromise the integrity of sensitive business data or serve as a pivot point for lateral movement. We have added a new report to Lansweeper to help you identify any at-risk Veeam installations.
Veeam Vulnerabilities
Veeam’s security bulletin addresses a total of 18 vulnerabilities in 6 of its products, all of which have a high or critical severity rating. All of these vulnerabilities have the potential to compromise sensitive data or disrupt operations.
CVE-2024-40711
The most severe of the vulnerabilities addressed is a remote code execution vulnerability in Veeam Backup & Replication (VBR), tracked as CVE-2024-40711. It received a CVSS v3.1 score of 9.8 and can be exploited without authentication. Since VBR is used to manage and secure backup infrastructure, it plays an important part in data protection. It can also be used as an entry point for lateral movement. Both factors make it a valuable target for ransomware attacks.
Other Vulnerabilities Addressed
All vulnerabilities addressed in this security update have a high or critical severity score ranging from 7.3 to 9.9. All could pose a significant risk to your data and operations. For full details, check out Veeam’s security bulletin.
Update Vulnerable Veeam Installations
All vulnerabilities documented in the security bulletin have been resolved in the latest version of each product. In order to protect your organization and its data, make sure to update all installations as soon as possible.
| Product | Affected Versions | Fixed Version |
| --- | --- | --- |
| Veeam Backup & Replication | 12.1.2.172 and all earlier version 12 builds | 12.2 (build 12.2.0.334) |
| Veeam ONE | 12.1.0.3208 and all earlier version 12 builds | v12.2 (build 12.2.0.4093) |
| Veeam Service Provider Console | 8.0.0.19552 and all earlier version 8 builds | v8.1 (build 8.1.0.21377) |
| Veeam Agent for Linux | 6.1.2.1781 and all earlier version 6 builds | 6.2 (build 6.2.0.101) (Included with Veeam Backup & Replication 12.2) |
| Veeam Backup for Nutanix AHV | 12.5.1.8 and all earlier version 12 builds | v12.6.0.632 |
| Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization | 12.4.1.45 and all earlier version 12 builds | v12.5.0.299 |
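The table above can be applied to an exported software inventory with a numeric build comparison. This is an added example, not Lansweeper's report or Veeam's code; the function names, status labels and inventory rows are assumptions made for illustration, and only the fixed builds come from the table.

```python
# Fixed builds copied from the table above; everything else here is illustrative.
FIXED_BUILDS = {
    "Veeam Backup & Replication": "12.2.0.334",
    "Veeam ONE": "12.2.0.4093",
    "Veeam Service Provider Console": "8.1.0.21377",
    "Veeam Agent for Linux": "6.2.0.101",
    "Veeam Backup for Nutanix AHV": "12.6.0.632",
    "Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization": "12.5.0.299",
}

def parse_build(text):
    """'12.1.2.172' -> (12, 1, 2, 172), so builds compare numerically, not as strings."""
    parts = text.strip().lstrip("vV").split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable build: {text!r}")
    return tuple(int(p) for p in parts)

def assess(product, installed):
    """Return 'vulnerable', 'fixed', 'not-covered' or 'unknown' for one installation."""
    fixed_text = FIXED_BUILDS.get(product)
    if fixed_text is None:
        return "unknown"          # product is not in the table
    try:
        build = parse_build(installed)
    except ValueError:
        return "unknown"          # truncated or malformed build: review by hand
    fixed = parse_build(fixed_text)
    if build >= fixed:
        return "fixed"
    if build[0] != fixed[0]:
        return "not-covered"      # the table only speaks for builds of the same major version
    return "vulnerable"

# Constructed sample inventory: (host, product, installed build).
INVENTORY = [
    ("bkp-01", "Veeam Backup & Replication", "12.1.2.172"),
    ("bkp-02", "Veeam Backup & Replication", "12.2.0.334"),
    ("mon-01", "Veeam ONE", "12.1.0.3208"),
    ("old-01", "Veeam Backup & Replication", "11.0.0.100"),
    ("lnx-01", "Veeam Agent for Linux", "6.2.0.1000"),  # a plain string compare would misflag this
]

def triage(inventory):
    """Map each host to its status."""
    return {host: assess(product, build) for host, product, build in inventory}

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host:8} {status}")
```

Hosts reported as `not-covered` or `unknown` fall outside what the table states and need a manual check against Veeam's security bulletin.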
Discover At-Risk Veeam Installations
We have added 2 new vulnerability reports to Lansweeper to help you locate any vulnerable installations of Veeam Backup & Replication and Veeam ONE in your network. They give you a list of devices that still require action. You can get the reports via the links below.
Run the Veeam ONE Vulnerability Audit Report or Run the Veeam Backup & Replication Vulnerability Audit Report