Jetzt Ausprobieren
Vulnerability

Veeam Fixes Critical Vulnerabilities in 6 Products

3 min. read
06/09/2024
By Laura Libeer
Veeam vulnerability

⚡ TL;DR | Go Straight to the Veeam ONE Vulnerability Audit Report or Go Straight to the Veeam Backup & Replication Vulnerability Audit Report

Veeam has released security updates for 6 of its products addressing a total of 18 high and critical security flaws. The most dangerous of these is a remote code execution vulnerability in Veeam Backup & Replication that can be exploited without authentication. This could compromise the integrity of sensitive business data or serve as a pivot point for lateral movement. We have added a new report to Lansweeper to help you identify any at-risk Veeam installations.

Veeam Vulnerabilities

Veeam’s security bulletin addresses a total of 18 vulnerabilities in 6 of its products, all of which have a high or critical severity rating. All of these vulnerabilities have the potential to compromise sensitive data or disrupt operations.

CVE-2024-40711

The most severe of the vulnerabilities addressed is a remote code execution vulnerability in Veeam Backup & Replication tracked as CVE-2024-40711. It received a CVSS v3.1 score of 9.8 and can be exploited without authentication. Since VBR is used to manage and secure backup infrastructure, it plays an important part in data protection. It can also be used as an entry point for lateral attacks. This makes it a valuable target for ransomware attacks.

Other Vulnerabilities Addressed

All vulnerabilities addressed in this security update have a high or critical severity score ranging from 7.3 to 9.9. All could pose a significant risk to your data and operations. For full details, check out Veeam’s security bulletin.

Update Vulnerable Veeam Installations

All vulnerabilities documented in the security bulletin have been resolved in the latest version of each product. In order to protect your organization and its data, make sure to update all installations as soon as possible.

ProductAffected VersionsFixed Version
Veeam Backup & Replication12.1.2.172 and all earlier version 12 builds12.2 (build 12.2.0.334)
Veeam ONE12.1.0.3208 and all earlier version 12 buildsv12.2 (build 12.2.0.4093)
Veeam Service Provider Console8.0.0.19552 and all earlier version 8 buildsv8.1 (build 8.1.0.21377)
Veeam Agent for Linux6.1.2.1781 and all earlier version 6 builds6.2 (build 6.2.0.101) (Included with Veeam Backup & Replication 12.2)
Veeam Backup for Nutanix AHV12.5.1.8 and all earlier version 12 builds.v12.6.0.632
Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization12.4.1.45 and all earlier version 12 builds.v12.5.0.299

Discover At-Risk Veeam Installations

We have added 2 new vulnerability reports to Lansweeper to help you locate any vulnerable installations of Veeam Backup & Replication and Veeam ONE in your network. This will give you an actionable list of devices that still require you to take action. You can get the report via the link below.

Run the Veeam ONE Vulnerability Audit Report or Run the Veeam Backup & Replication Vulnerability Audit report