CVERadar

CVE-2024-29851

Medium Severity
SVRS: 30/100
CVSSv3: NA/10
EPSS: 0.00272/1

CVE-2024-29851: Veeam Backup Enterprise Manager NTLM hash theft vulnerability. High-privileged users can steal the NTLM hash of the Enterprise Manager service account. Despite a CVSS score of 0, SOCRadar's Vulnerability Risk Score (SVRS) is 30, indicating a low to medium risk. This privilege escalation vulnerability could allow malicious high-privileged users to compromise the Enterprise Manager service account, leading to unauthorized access and potential data breaches. The CWE-294 indicates improper validation of cryptographic signature. While the SVRS suggests it's not immediately critical, monitoring and patching are recommended, especially given the "In The Wild" tag, which suggests this exploit is actively being used. Addressing this flaw mitigates the risk of unauthorized access to sensitive data managed by Veeam Backup Enterprise Manager.

In The Wild
2024-05-22

2024-09-19
SOCRadar AI Insight

Description

CVE-2024-29851 is a vulnerability in Veeam Backup Enterprise Manager that allows high-privileged users to steal the NTLM hash of the Enterprise Manager service account. This vulnerability is rated as 7.2 on the CVSS scale and has a SOCRadar Vulnerability Risk Score (SVRS) of 30, indicating a moderate risk.

Key Insights

  • High-privileged users can exploit this vulnerability to gain access to sensitive information. The NTLM hash is a cryptographic hash of the user's password, which can be used to authenticate to other systems. This could allow attackers to gain access to other systems within the network, including servers and databases.
  • The vulnerability is actively exploited in the wild. This means that attackers are actively using this vulnerability to target systems.
  • The Cybersecurity and Infrastructure Security Agency (CISA) has warned of the vulnerability, calling for immediate and necessary measures. This indicates that CISA believes this vulnerability is a serious threat to organizations.

Mitigation Strategies

  • Update Veeam Backup Enterprise Manager to the latest version. Veeam has released a patch that addresses this vulnerability.
  • Restrict access to the Veeam Backup Enterprise Manager console to only authorized users. This will help to prevent unauthorized users from exploiting this vulnerability.
  • Enable two-factor authentication for access to the Veeam Backup Enterprise Manager console. This will add an extra layer of security to help protect against unauthorized access.
  • Monitor your systems for any suspicious activity. If you detect any suspicious activity, you should investigate immediately.

Additional Information

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

Cyber Security News Weekly Round-Up (Vulnerabilities, Cyber Attacks, Threats & New Stories) - CybersecurityNews
2024-05-26
Cyber Security News Weekly Round-Up (Vulnerabilities, Cyber Attacks, Threats & New Stories) - CybersecurityNews | Description: To strengthen organizational protections, one must stay up to date with the constantly evolving nature of cybersecurity. Such a weekly recap of cyber-security news is essential, as it can provide insight into newly emerging threats, vulnerabilities, data breaches, and countermeasures. Mitigating risks promptly and securing critical assets against the latest attack vectors and cyber risks requires situational awareness in this dynamic threat landscape. Threats Hackers Weaponizing Microsoft Access Documents Microsoft Access documents that have been hacked are used to run malicious programs causing loss of
cve-2024-32002
cve-2024-29849
cve-2024-36052
Vulnerability Recap 5/27/24: Google, Microsoft & GitLab Fixes - eSecurity Planet
2024-05-27
Vulnerability Recap 5/27/24: Google, Microsoft & GitLab Fixes - eSecurity Planet | URL: https://www.esecurityplanet.com/threats/vulnerability-recap-may-27-2024/ | Description: In last week’s major vulnerability news, various platforms performed a series of fixes for new and persistent vulnerabilities. QNAP released upgrades for their NAS devices after facing a stack buffer overflow flaw. Fluent Bit published a version upgrade following a memory corruption vulnerability. GitHub Enterprise Server and GitLab patched their authentication bypass and XSS issues. Google Chrome had its eighth zero-day exploit, triggering an emergency upgrade. Additionally, CISA’s exploited vulnerabilities list now includes Apache Flink’s long-standing access control issue. With these
cve-2024-5157
cve-2024-5160
cve-2024-29849
cve-2024-5159
Vulnerability Recap 5/27/24 – Google, Microsoft & GitLab Fixes
Maine Basan, 2024-05-27
Vulnerability Recap 5/27/24 – Google, Microsoft & GitLab Fixes | Google, Microsoft, Gitlab, and more performed system patches. Check out these vulnerability fixes. The post Vulnerability Recap 5/27/24 – Google, Microsoft & GitLab Fixes appeared first on eSecurity Planet. In last week’s major vulnerability news, various platforms performed a series of fixes for new and persistent vulnerabilities. QNAP released upgrades for their NAS devices after facing a stack buffer overflow
cve-2024-4323
cve-2024-4985
Cyber Security News Weekly Round-Up May - CybersecurityNews
2024-05-26
Cyber Security News Weekly Round-Up May - CybersecurityNews | URL: https://cybersecuritynews.com/cyber-security-news-weekly-round-up-may/ | Description: To strengthen organizational protections, one must stay up to date with the constantly evolving nature of cybersecurity. | News Content: To strengthen organizational protections, one must stay up to date with the constantly evolving nature of cybersecurity. Such a weekly recap of cyber-security news is essential, as it can provide insight into newly emerging threats, vulnerabilities, data breaches, and countermeasures. Mitigating risks promptly and securing critical assets against the latest attack vectors and cyber risks requires situational awareness in this dynamic threat landscape. Threats Hackers Weaponizing Microsoft
Cyber Security News Weekly Round-Up (Vulnerabilities, Cyber Attacks, Threats & New Stories)
Guru Baran, 2024-05-26
Cyber Security News Weekly Round-Up (Vulnerabilities, Cyber Attacks, Threats & New Stories) | To strengthen organizational protections, one must stay up to date with the constantly evolving nature of cybersecurity. Such a weekly recap of cyber-security news is essential, as it can provide insight into newly emerging threats, vulnerabilities, data breaches, and countermeasures. Mitigating risks promptly and securing critical assets against the latest attack vectors and cyber risks […] The post Cyber Security News Weekly Round-Up (Vulnerabilities, Cyber Attacks, Threats & New

Social Media

Veeam Backup Enterprise Manager Vulnerabilities (CVE-2024-29849, CVE-2024-29850, CVE-2024-29851, CVE-2024-29852) #PatchManagement https://t.co/Br29Y0mlqk
CVE-2024-29851 Veeam Backup Enterprise Manager allows high-privileged users to steal NTLM hash of Enterprise manager service account. https://t.co/1WiYr6Q93S

Affected Software

No affected software found for this CVE

References

Reference | Link
[email protected] | https://veeam.com/kb4581

CWE Details

CWE ID | CWE Name | Description
CWE-294 | Authentication Bypass by Capture-replay | A capture-replay flaw exists when the design of the software makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).
