CVE-2024-42024: Veeam did not disclose the details; perhaps this story can tell (9th Sep 2024)

Preface: Veeam ONE agent is a component that enables communication with Veeam Backup & Replication servers, performs collection of logs, and sends remediation commands. It is recommended to install Veeam ONE agent to improve data collection performance in large-scale Veeam Backup & Replication infrastructures.

Background: Veeam ONE supports two deployment scenarios:

• All-in-one

The all-in-one deployment scenario is ideal if you want to consolidate the entire product functionality in one place by installing all product architectural components on a single machine. This scenario is preferable for small- to medium-scale deployments.

• Custom

The custom deployment scenario is more suitable if you want to separate client/server roles and install product architectural components on different machines. This scenario is recommended for large-scale deployments.

Vulnerability details: The vulnerability allows an attacker in possession of the Veeam ONE Agent service account credentials to perform remote code execution on the machine where the Veeam ONE Agent is installed.

Official announcement: Please refer to the link for details – https://www.veeam.com/kb4649
