{"id":6706,"date":"2024-06-02T00:48:17","date_gmt":"2024-06-01T22:48:17","guid":{"rendered":"https:\/\/sajberinfo.com\/?p=6706"},"modified":"2024-06-02T00:48:17","modified_gmt":"2024-06-01T22:48:17","slug":"veeam-backup-enterprise-manager-ranjivost","status":"publish","type":"post","link":"https:\/\/sajberinfo.com\/en\/2024\/06\/02\/veeam-backup-enterprise-manager-ranjivost\/","title":{"rendered":"Veeam Backup Enterprise Manager vulnerability"},"content":{"rendered":"<p><span style=\"font-size: 14pt;\"><em>Veeam<\/em>, a leading provider of backup solutions for enterprises worldwide, <a href=\"https:\/\/www.veeam.com\/kb4581\" target=\"_blank\" rel=\"noopener\">recently disclosed a critical vulnerability<\/a> affecting <em>Veeam Backup Enterprise Manager<\/em> (<em>VBEM<\/em>). This vulnerability, tracked as <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=2024-29849\" target=\"_blank\" rel=\"noopener\"><em>CVE-2024-29849<\/em><\/a>, has a severity score of <em>9.8<\/em> on the <em>CVSS<\/em> scale and could potentially allow unauthorized attackers to take over user accounts.<\/span><\/p>\n<div id=\"attachment_6707\" style=\"width: 1034px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-6707\" class=\"size-full wp-image-6707\" src=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2024\/06\/Veeam-Backup-Enterprise-Manager-VBEM.jpg\" alt=\"Veeam\" width=\"1024\" height=\"1024\" srcset=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2024\/06\/Veeam-Backup-Enterprise-Manager-VBEM.jpg 1024w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2024\/06\/Veeam-Backup-Enterprise-Manager-VBEM-300x300.jpg 300w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2024\/06\/Veeam-Backup-Enterprise-Manager-VBEM-150x150.jpg 150w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2024\/06\/Veeam-Backup-Enterprise-Manager-VBEM-768x768.jpg 768w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2024\/06\/Veeam-Backup-Enterprise-Manager-VBEM-12x12.jpg 12w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2024\/06\/Veeam-Backup-Enterprise-Manager-VBEM-80x80.jpg 80w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2024\/06\/Veeam-Backup-Enterprise-Manager-VBEM-320x320.jpg 320w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><p id=\"caption-attachment-6707\" class=\"wp-caption-text\">Veeam Backup Enterprise Manager vulnerability; Source: Bing Image Creator<\/p><\/div>\n<h2><span class=\"ez-toc-section\" id=\"VEEAM_BACKUP_ENTERPRISE_MANAGER\"><\/span><strong><span style=\"font-size: 14pt;\"><em>VEEAM BACKUP ENTERPRISE MANAGER<\/em><\/span><\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\"><em>Veeam Backup Enterprise Manager<\/em> (<em>VBEM<\/em>) serves as an administrative console designed to help manage tasks related to <em>Veeam Backup &amp; Replication <\/em>across an organization's <a href=\"https:\/\/sajberinfo.com\/en\/2020\/11\/02\/rezervna-kopija-i-cuvanje-podataka\/\" target=\"_blank\" rel=\"nofollow noopener\">backup<\/a> infrastructure. Its role in controlling sensitive backup operations makes it a prime target for <a href=\"https:\/\/sajberinfo.com\/en\/2022\/03\/19\/hakeri-crni-sesiri-epizoda-3\/\" target=\"_blank\" rel=\"nofollow noopener\">malicious actors<\/a>, particularly given the extensive adoption of <em>Veeam<\/em> solutions among large global enterprises, including 74% of the <em>Forbes<\/em> <em>Global<\/em> <em>2000<\/em>, such as <em>Shell<\/em>, <em>Airbus<\/em>, <em>Volkswagen<\/em> <em>Group <\/em>and <em>Fujifilm<\/em>.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"CVE-2024-29849\"><\/span><strong><span style=\"font-size: 14pt;\"><em>CVE-2024-29849<\/em><\/span><\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-size: 14pt;\">The critical vulnerability, <em>CVE-2024-29849<\/em>, has a severity score of <em>9.8<\/em> on the <em>CVSS<\/em> scale. It affects <em>Veeam Backup Enterprise Manager<\/em>, which is not enabled by default. The vulnerability allows attackers to bypass authentication and log in to its web interface as any user; remote exploitation requires no user interaction and the attack complexity is low, which is what makes it a critical vulnerability. Successful exploitation of <em>CVE-2024-29849<\/em> can lead to a range of negative consequences, including but not limited to:<\/span><\/p>\n<ol>\n<li><span style=\"font-size: 14pt;\">Unauthorized users can access and exfiltrate sensitive data from the <em>Veeam Backup Enterprise Manager<\/em> web interface,<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">Attackers can use their newly gained privileges to compromise other systems or applications connected to the affected <em>Veeam Backup Enterprise Manager<\/em> instance, potentially leading to wider abuse,<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">Malicious users can make unintended changes to backup configurations, restore points and access rights within the <em>Veeam Backup Enterprise Manager<\/em> interface,<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">Attackers can undermine an organization's ability to recover from <em>ransomware<\/em> attacks or other data loss incidents.<\/span><\/li>\n<\/ol>\n<p><span style=\"font-size: 14pt;\">In addition to <em>CVE-2024-29849<\/em>, <em>Veeam<\/em> has also fixed three more security vulnerabilities.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"CVE-2024-29850\"><\/span><strong><span style=\"font-size: 14pt;\"><em>CVE-2024-29850<\/em><\/span><\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-size: 14pt;\">This high-severity vulnerability represents a dangerous vector for account takeover via <em>NTLM<\/em> relay. In environments where <em>NTLM<\/em> authentication is used, this vulnerability could allow attackers to intercept and relay authentication sessions, effectively giving them unauthorized access to the <em>Veeam Backup Enterprise Manager<\/em> system. The vulnerability has a severity score of <em>8.8<\/em> on the <em>CVSS<\/em> scale.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"CVE-2024-29851\"><\/span><strong><span style=\"font-size: 14pt;\"><em>CVE-2024-29851<\/em><\/span><\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-size: 14pt;\">This vulnerability allows a high-privileged user to steal the <em>NTLM<\/em> hash of the <em>Veeam Backup Enterprise Manager<\/em> service account if the service account used by <em>Veeam Backup Enterprise Manager<\/em> is configured with credentials other than the default Local System account. The vulnerability has a severity score of <em>7.2<\/em> on the <em>CVSS<\/em> scale.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"CVE-2024-29852\"><\/span><strong><span style=\"font-size: 14pt;\"><em>CVE-2024-29852<\/em><\/span><\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-size: 14pt;\">This vulnerability allows high-privileged users to read backup session logs. The vulnerability has a severity score of <em>2.7<\/em> on the <em>CVSS<\/em> scale.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Uticaj_ranjivosti\"><\/span><strong><span style=\"font-size: 14pt;\">Impact of the vulnerabilities<\/span><\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-size: 14pt;\">These vulnerabilities affect all versions of <em>Veeam Backup &amp; Replication<\/em> from <em>5.0<\/em> through <em>12.1<\/em>. However, they have been fixed only in <em>Veeam Backup Enterprise Manager<\/em> <em>12.1.2.172<\/em>, which ships with <em>Veeam Backup &amp; Replication<\/em> <em>12.1.2<\/em> (<em>build 12.1.2.172<\/em>) \u2013 the only currently supported version of that product.<\/span><\/p>\n<p>&nbsp;<\/p>\n<blockquote><p><span style=\"font-size: 14pt;\"><em>\u201cVeeam Backup Enterprise Manager is compatible with managing Veeam Backup &amp; Replication servers running an older version than Veeam Backup Enterprise Manager. Therefore, if the Veeam Backup Enterprise Manager software is installed on a dedicated server, Veeam Backup Enterprise Manager can be upgraded to version 12.1.2.172 without needing to immediately upgrade Veeam Backup &amp; Replication.\u201d<\/em><\/span><\/p>\n<p style=\"text-align: right;\"><span style=\"font-size: 14pt;\"><em>&#8211; Veeam &#8211;<\/em><\/span><\/p>\n<\/blockquote>\n<p>&nbsp;<\/p>\n<p><span style=\"font-size: 14pt;\">For organizations that cannot immediately upgrade to <em>Veeam Backup Enterprise Manager<\/em> version <em>12.1.2.172<\/em>, mitigation measures include stopping and disabling specific services, or uninstalling <em>Veeam Backup Enterprise Manager<\/em> if it is not in use.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><span class=\"ez-toc-section\" id=\"ZAKLJUCAK\"><\/span><strong><span style=\"font-size: 14pt;\">CONCLUSION<\/span><\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\"><em>Veeam<\/em> has resolved several vulnerabilities in its <em>Veeam Backup Enterprise Manager<\/em> software, including <em>CVE-2024-29849<\/em>, which allows unauthorized login as any user. Exploitation of this vulnerability cannot lead to the deletion of backups, thanks to the immutable backups and four-eyes authorization policy of <em>Veeam<\/em>. This means that any changes made to the data are first reviewed by a second administrator before they are applied.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">For organizations using <em>Veeam Backup Enterprise Manager<\/em>, it is essential to apply the recommended fix as soon as possible, given the extensive adoption of <em>Veeam<\/em> solutions in large global enterprises. This only underscores the importance of keeping software up to date, applying patches promptly and implementing robust security measures to protect an organization's backup infrastructure from potential threats.<\/span><\/p>\n<p>&nbsp;<\/p>\n<blockquote><p><span style=\"font-size: 14pt;\"><em>\u201cOnce a vulnerability is identified and disclosed, attackers will still attempt to exploit it and reverse engineer the patch in order to exploit the vulnerability on unpatched versions of Veeam software in their exploitation attempts. This underscores the importance of ensuring that customers are running the latest versions of all software and that patches are installed in a timely manner.\u201d<\/em><\/span><\/p>\n<p style=\"text-align: right;\"><span style=\"font-size: 14pt;\"><em>&#8211; Veeam &#8211;<\/em><\/span><\/p>\n<\/blockquote>\n<p>&nbsp;<\/p>\n<h2><span class=\"ez-toc-section\" id=\"ZASTITA\"><\/span><strong><span style=\"font-size: 14pt;\">PROTECTION<\/span><\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\">To protect against the CVE-2024-29849 vulnerability in <em>Veeam Backup Enterprise Manager<\/em>, users should update their software to the latest version, <em>12.1.2.172<\/em>, which includes the fix for this critical authentication bypass vulnerability. If upgrading is not an option, <em>Veeam<\/em> advises stopping or even uninstalling the software if it is not in use. In addition, implementing network segmentation and access control policies can help mitigate potential risks until the patch can be applied.<\/span><\/p>","protected":false},"excerpt":{"rendered":"<p>Veeam, a leading provider of backup solutions for enterprises worldwide, recently disclosed a critical vulnerability affecting Veeam Backup Enterprise Manager (VBEM). This vulnerability, tracked as CVE-2024-29849, has a severity score of 9.8&#46;&#46;&#46;<\/p>","protected":false},"author":1,"featured_media":6707,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[311,1421,1422,1425,1420,1424,1428,1423,1426,1389,1419,1427,126],"class_list":["post-6706","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hronike","tag-account-takeover","tag-authentication-bypass","tag-backup-enterprise-manager","tag-backups","tag-cve-2024-29849","tag-high-privileged-users","tag-mitigation-strategies","tag-ntlm-relay","tag-security-patch","tag-software-update","tag-veeam","tag-veeam-backup-replication","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/6706","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/comments?post=6706"}],"version-history":[{"count":0,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/6706\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media\/6707"}],"wp:attachment":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media?parent=6706"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/categories?post=6706"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/tags?post=6706"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}