Veeam released the Backup & Replication v12.1.2.172 on May 21, 2024.
The vulnerabilities documented in these sections were fixed starting in the 12.1.2.172 build.
Veeam Backup Enterprise Manager (VBEM)
CVE-2024-29849 | Severity: Critical (9.8)
This vulnerability in VBEM allows an unauthenticated attacker to log in to the VBEM web interface as any user.
CVE-2024-29850 | Severity: High (8.8)
This Vulnerability in VBEM allows account takeover via NTLM relay.
CVE-2024-29851 | Severity: High (7.2)
This vulnerability in VBEM allows a high-privileged user to steal the NTLM hash of the VBEM service account if it is not the default Local System account.
CVE-2024-29852 | Severity: Low (2.7)
This vulnerability in VBEM allows high-privileged users to read backup session logs.
Veeam Agent for Windows (VAW)
CVE-2024-29853 | Severity: High (7.8)
This vulnerability in VAW allows for Local Privilege Escalation.
The details are as link https://www.veeam.com/kb4510
1.Login to the Veeam Backup and Replication Management Server.
2.Sign in your Veeam account and download the Veeam Backup and Replication v12.1 ISO image.
3.Open the Veeam Backup & Replication 12 Console and click Connect.
4.Enter the MFA Confirmation code and click Confirm.
5.Verify the existing Veeam Backup & Replication version from the Veeam Backup & Replication console (Help |Abut) and ensure that the version matches the installation requirements.
6.Ensure all jobs are successful, right-click all jobs and select disable.
7.Mount Veeam Backup and Replication v12.1 iso image file and run Setup.exe.
8.Run Setup.exe.
9.On the User Account Control page, click Yes.
10.On the Veeam Backup & Replication 12.1 page, click Upgrade.
11.On the Veeam Backup & Replication page, select Upgrade Veeam Backup & Replication.
12.On the License Agreement page, click I Accept.
13.On the Upgrade page, click Next.
14. The setup wizard will inform you if a valid license is installed on the machine. In this case, you can skip the Provide License step and click Next.
15.On the Service Account page, click Next.
16.On the Database page, click Next.
17.Click Yes to ensure that this installation is connected to the selected database.
18.Click Upgrade on the Ready to Upgrade page.
19.There are 6 steps for upgrading the Veeam Backup & Replication management server.
20.Ensure the upgrade is successful and click finish.
21.Open the Veeam Backup & Replication 12 Console and click Connect.
22.Enter the MFA Confirmation code and click Confirm.
23. Select all servers on the Components Update page and click Apply.
24.On the Components Update page, ensure all components are updated successfully for all servers and click Finish.
25.Verify the Veeam Backup & Replication version from the Veeam Backup & Replication console (Help |Abut).
26.Ensure that the version is 12.1.2.172.
27.Re-enable all jobs.
Author: Cary Sun
Cary Sun has a wealth of knowledge and expertise in data center and deployment solutions. As a Principal Consultant, he likely works closely with clients to help them design, implement, and manage their data center infrastructure and deployment strategies.
With his background in data center solutions, Cary Sun may have experience in server and storage virtualization, network design and optimization, backup and disaster recovery planning, and security and compliance management. He holds CISCO CERTIFIED INTERNETWORK EXPERT (CCIE No.4531) from 1999. Cary is also a Microsoft Most Valuable Professional (MVP), Microsoft Azure MVP, Veeam Vanguard and Cisco Champion. He is a published author with several titles, including blogs on Checkyourlogs.net, and the author of many books.
Cary is a very active blogger at checkyourlogs.net and is permanently available online for questions from the community. His passion for technology is contagious, improving everyone around him at what they do.
Blog site: https://www.checkyourlogs.net
Web site: https://carysun.com
Blog site: https://gooddealmart.com
Twitter: @SifuSun
in: https://www.linkedin.com/in/sifusun/
Amazon Author: https://Amazon.com/author/carysun