Security Alerts

CVE-2024-40711 Veeam unauthenticated remote code execution

On 09.05.2024, the vendor Veeam published information on several vulnerabilities in the following products.

  • Veeam Backup & Replication
  • Veeam Agent for Linux
  • Veeam ONE
  • Veeam Service Provider Console
  • Veeam Backup for Nutanix AHV
  • Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization

 

Classification

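| Product | CVE | CVSS 3.1 Score | Severity |
|---|---|---|---|
| Veeam Backup & Replication | CVE-2024-40711 | 9.8 | Critical |
| Veeam Backup & Replication | CVE-2024-40713 | 8.8 | High |
| Veeam Backup & Replication | CVE-2024-40710 | 8.8 | High |
| Veeam Backup & Replication | CVE-2024-40714 | 8.3 | High |
| Veeam Backup & Replication | CVE-2024-39718 | 8.1 | High |
| Veeam Backup & Replication | CVE-2024-40712 | 7.8 | High |
| Veeam Agent for Linux | CVE-2024-40709 | 7.8 | High |
| Veeam ONE | CVE-2024-42024 | 9.1 | Critical |
| Veeam ONE | CVE-2024-42019 | 9.0 | Critical |
| Veeam ONE | CVE-2024-42023 | 8.8 | High |
| Veeam ONE | CVE-2024-42021 | 7.5 | High |
| Veeam ONE | CVE-2024-42022 | 7.5 | High |
| Veeam ONE | CVE-2024-42020 | 7.3 | High |
| Veeam Service Provider Console | CVE-2024-38650 | 9.9 | Critical |
| Veeam Service Provider Console | CVE-2024-39714 | 9.9 | Critical |
| Veeam Service Provider Console | CVE-2024-39715 | 8.5 | High |
| Veeam Service Provider Console | CVE-2024-38651 | 8.5 | High |
| Veeam Backup for Nutanix AHV, Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization | CVE-2024-40718 | 8.8 | High |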

 

Affected versions

  • Veeam Backup & Replication 12.1.2.172 and all earlier version 12 builds.
  • Veeam Agent for Linux 6.1.2.1781 and all earlier version 6 builds.
  • Veeam ONE 12.1.0.3208 and all earlier version 12 builds.
  • Veeam Service Provider Console 8.1.0.21377 and all earlier version 8 builds.
  • Veeam Backup for Nutanix AHV Plug-In 12.5.1.8 and all earlier version 12 builds.
  • Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization Plug-In 12.4.1.45 and all earlier version 12 builds.

 

Workarounds

None

 

Remediation

Update each product to the respective following version:

 

Sources

Veeam Security Bulletin (September 2024): www.veeam.com/kb4649
