High severity vulnerabilities in Veeam Backup & Replication 12/2024
05 December 2024
On 04 December 2024, Veeam published several vulnerabilities, some of them high severity, in its Veeam Backup & Replication data backup solution.
All Veeam Backup & Replication versions < 12.3 are affected. The security gaps have been closed with the initial release 12.3.0.310 of Veeam Backup & Replication.
For further details, please refer to KB4693: Vulnerabilities Resolved in Veeam Backup & Replication 12.3. The BSI (German Federal Office for Information Security) has listed the vulnerability under WID-SEC-2024-3602 and rates the overall threat with a CVSS score of 8.8.
List of closed vulnerabilities: CVE-2024-40717, CVE-2024-42452, CVE-2024-42453, CVE-2024-42456, CVE-2024-42451, CVE-2024-42457, CVE-2024-45204, CVE-2024-42455
As the vulnerabilities listed require authentication, in a VIVAVIS control system environment they can generally only be exploited by an attacker who is already inside. We therefore classify the threat level as generally lower, but recommend installing the patches provided as soon as possible.
If you have further questions or require support, please contact our Customer Support.
Peter Schwark