PT-2024-3760 · Veeam · Veeam Backup Enterprise Manager

Yashar Shahinzadeh · Published 2024-05-21 · Updated 2025-11-10 · CVE-2024-29849

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Veeam Backup Enterprise Manager (affected versions not specified)

Description: Veeam Backup Enterprise Manager contains a flaw that lets an unauthenticated attacker log in to the Enterprise Manager web interface as any user, including an administrator. The flaw resides in the Veeam.Backup.Enterprise.RestAPIService.exe service, which listens on TCP port 9398 and acts as the REST API server. To exploit it, the attacker submits a specially crafted VMware Single Sign-On (SSO) token to the API. The decoded token is parsed as XML; it carries an authentication assertion impersonating an administrator together with the URL of the SSO service that is supposed to validate it, and Veeam does not check that URL against its configured SSO endpoint. Instead, it sends a SOAP validation request to whatever URL the token names, so an attacker-controlled server can simply answer that the token is valid, and the attacker is granted administrative access. The result is a complete authentication bypass of Backup Enterprise Manager. A proof-of-concept (PoC) exploit is publicly available. The vulnerability is tracked as CVE-2024-29849 and has a CVSS v3.1 score of 9.8.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
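The following is an added illustration of the trust failure described above and of the check that closes it; it is not Veeam's code and it does not reproduce the real SSO token format or the real REST endpoint. The token layout (an XML document with a user and an SSO service URL, base64-encoded), the configured endpoint URL, the host names and the simulated SOAP validation are all assumptions made for this example. The vulnerable login takes the validation URL from the token itself, so a token naming an attacker-run host is "validated" by the attacker; the hardened login validates only against the endpoint the administrator configured.

```python
"""Added example (not Veeam code): why a client-supplied SSO validation URL
breaks authentication, and the allowlist check that closes the hole.
Token layout, host names and the SOAP exchange are simplified assumptions."""
import base64
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Assumption: the one SSO (STS) endpoint the administrator configured.
TRUSTED_SSO_URL = "https://vcenter.corp.example/sts/STSService"

# Constructed stand-in for the network: hostname -> function answering the
# SOAP "is this token valid?" call. The real STS confirms only tokens it
# issued; the attacker's host confirms anything it is asked about.
_ISSUED_BY_REAL_STS = set()


def _real_sts(token_b64):
    return token_b64 in _ISSUED_BY_REAL_STS


def _attacker_sts(token_b64):
    return True  # attacker-controlled server: "yes, that token is valid"


NETWORK = {"vcenter.corp.example": _real_sts, "attacker.example": _attacker_sts}


def build_token(username, sso_url):
    """Build the simplified, base64-encoded XML token this example assumes."""
    root = ET.Element("ssoToken")
    ET.SubElement(root, "user").text = username
    ET.SubElement(root, "ssoServiceUrl").text = sso_url
    return base64.b64encode(ET.tostring(root)).decode()


def issue_legit_token(username):
    """Simulate the real STS issuing a token for a genuine login."""
    tok = build_token(username, TRUSTED_SSO_URL)
    _ISSUED_BY_REAL_STS.add(tok)
    return tok


def parse_token(token_b64):
    root = ET.fromstring(base64.b64decode(token_b64))
    return {"user": root.findtext("user"), "sso_url": root.findtext("ssoServiceUrl")}


def soap_validate(sso_url, token_b64):
    """Simulated SOAP validation call to the host named in sso_url."""
    responder = NETWORK.get(urlparse(sso_url).hostname)
    return bool(responder and responder(token_b64))


def login_vulnerable(token_b64):
    """Pre-fix behaviour: the validation endpoint comes from the token itself,
    so the attacker picks who gets to say the token is valid."""
    tok = parse_token(token_b64)
    return tok["user"] if soap_validate(tok["sso_url"], token_b64) else None


def login_hardened(token_b64):
    """Validate only against the configured endpoint. A token that names any
    other SSO service is rejected before a single outbound request is made."""
    tok = parse_token(token_b64)
    if tok["sso_url"] != TRUSTED_SSO_URL:
        return None
    return tok["user"] if soap_validate(TRUSTED_SSO_URL, token_b64) else None


if __name__ == "__main__":
    forged = build_token("administrator", "https://attacker.example/sts")
    print("vulnerable:", login_vulnerable(forged))  # administrator
    print("hardened:  ", login_hardened(forged))    # None
```

The same allowlist is also a usable indicator on the defensive side: an Enterprise Manager host should only ever open outbound SOAP connections to its configured vCenter SSO endpoint, so an outbound request from that host to any other destination during a REST login is worth alerting on, and egress filtering on the host would have blocked this exploit path even before a patch.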

Exploit: public proof-of-concept available

Weakness Enumeration: Improper Authentication (CWE-287)

Related Identifiers:

BDU:2024-04106
CVE-2024-29849
VBEM_CVE2024_29849

Affected Products:

Veeam Backup Enterprise Manager