
Cloud Vulnerability DB
A community-led vulnerabilities database
A critical vulnerability (CVE-2024-29849) was discovered in Veeam Backup Enterprise Manager that allows unauthenticated users to log in to the Enterprise Manager web interface as any user. The vulnerability was disclosed on May 21, 2024, and received a Critical CVSS score of 9.8. Affected versions include Veeam Backup Enterprise Manager 5.0, 6.1, 6.5, 7.0, 8.0, 9.0, 9.5, 10, 11, 12, and 12.1 (Veeam KB, Arctic Wolf).
The vulnerability lets an unauthenticated attacker bypass authentication and access the Veeam Backup Enterprise Manager web interface, logging in as any user. It has been assigned a CVSS v3.0 score of 9.8 (Critical) with the following vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The affected application is an optional add-on used to manage Veeam Backup & Replication via a web console in Veeam environments (Arctic Wolf).
The vulnerability poses a significant security risk as it allows unauthorized access to the Veeam Backup Enterprise Manager web interface, potentially enabling attackers to gain full control over the backup system. This could lead to unauthorized access to sensitive data, manipulation of backup configurations, and disruption of backup operations (Arctic Wolf).
Veeam has released version 12.1.2.172 which addresses this vulnerability. If immediate upgrading is not feasible, users can mitigate the risk by stopping and disabling the 'VeeamEnterpriseManagerSvc' and the 'VeeamRESTSvc' services. Additionally, Veeam recommends uninstalling Backup Enterprise Manager if it is not in use within the environment, as it is an optional add-on application (Veeam KB).
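The interim mitigation described above, as an added PowerShell example (not Veeam's own tooling and not part of the original report). It assumes an elevated session on the Enterprise Manager host and uses the two service names given in the text; it stops and disables each service, then confirms the resulting state.

```powershell
# Added example: apply the interim mitigation for CVE-2024-29849 by stopping
# and disabling the two services named in the advisory text.
# Assumption: run in an elevated PowerShell session on the Enterprise Manager host.
$services = 'VeeamEnterpriseManagerSvc', 'VeeamRESTSvc'

$results = foreach ($name in $services) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $svc) {
        # Service not present on this host: nothing to stop or disable.
        [pscustomobject]@{
            Name = $name; Status = 'NotInstalled'; StartType = 'n/a'; Mitigated = $true
        }
        continue
    }

    if ($svc.Status -ne 'Stopped') {
        Stop-Service -Name $name -Force -ErrorAction Stop
    }
    # Disabling the start type keeps the service from returning after a reboot.
    Set-Service -Name $name -StartupType Disabled -ErrorAction Stop

    # Re-read the service so the report reflects the actual post-change state.
    $svc = Get-Service -Name $name
    [pscustomobject]@{
        Name      = $name
        Status    = $svc.Status
        StartType = $svc.StartType
        Mitigated = ($svc.Status -eq 'Stopped' -and $svc.StartType -eq 'Disabled')
    }
}

$results | Format-Table -AutoSize

# Fail loudly if either service is still running or still enabled.
if ($results.Mitigated -contains $false) {
    Write-Error 'At least one service is still running or not disabled.'
    exit 1
}
```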
Source: This report was generated using AI