Veeam Backup Auth Bypass (CVE-2024-29849) – PoC Active in Wild

Vulnerability Analysis
- CVE: CVE-2024-29849
- CVSS: 9.8 (Critical)
- Impact: Remote attackers gain admin privileges on Veeam Backup Enterprise Manager ≤ 12.1.2.172
Technical Breakdown
The flaw allows bypassing authentication via crafted API requests to the /api/oauth2/authorize endpoint.
Proof of Concept
A functional exploit is now public.
Detection Signs
- Unusual authentication logs from external IPs
- API requests to /api/oauth2/* without session tokens
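As an added example (not from the original post), a small Python triage script that applies the second detection sign to web-server access logs. It assumes Enterprise Manager's API is fronted by IIS writing W3C-format logs, and the trusted network range and the log lines themselves are constructed for illustration.

```python
"""Flag /api/oauth2/* requests from outside the trusted range with no
authenticated user, as first-pass triage of IIS W3C access logs."""
import ipaddress
import re

# Hypothetical allow-list of backup-admin networks (assumption, not from the post).
TRUSTED_NETWORKS = [ipaddress.ip_network("10.10.0.0/24")]

OAUTH_PATH = re.compile(r"^/api/oauth2/", re.IGNORECASE)

# Constructed sample in IIS W3C format (not a real capture). The column set
# is taken from the #Fields header, so any field selection parses the same way.
SAMPLE_LOG = """#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query cs-username c-ip sc-status
2024-05-22 09:14:01 10.10.0.5 POST /api/oauth2/token - admin 10.10.0.21 200
2024-05-22 09:15:44 10.10.0.5 GET /api/oauth2/authorize - - 203.0.113.45 200
2024-05-22 09:15:45 10.10.0.5 GET /api/v1/jobs - - 203.0.113.45 401
2024-05-22 09:16:02 10.10.0.5 GET /index.aspx - jdoe 10.10.0.33 200
"""

def parse_w3c(text):
    """Yield one dict per record, naming columns from the #Fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))

def is_trusted(ip):
    """True if the client address falls inside any trusted network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETWORKS)

def suspicious_oauth_requests(text):
    """Return (client IP, URI, status) for OAuth2 endpoint hits from untrusted
    addresses where IIS recorded no authenticated user (cs-username '-').
    An anonymous cs-username is used as the log-visible proxy for 'no session'."""
    hits = []
    for rec in parse_w3c(text):
        if (OAUTH_PATH.match(rec["cs-uri-stem"])
                and not is_trusted(rec["c-ip"])
                and rec["cs-username"] == "-"):
            hits.append((rec["c-ip"], rec["cs-uri-stem"], rec["sc-status"]))
    return hits

if __name__ == "__main__":
    for ip, uri, status in suspicious_oauth_requests(SAMPLE_LOG):
        print(f"review: {ip} -> {uri} ({status})")
```

Each flagged entry is a lead for review, not a confirmed compromise; correlate it with the Veeam event log and the patch level of the host.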
Mitigation Steps
- Patching: apply the fix in Veeam KB45678 (latest version)
- Containment:
  - Restrict TCP/9392 to trusted IPs
  - Enable MFA for all backup admins
- Forensics: Get-WinEvent -FilterHashtable @{LogName="Veeam Backup"; ID=205}
Discussion Points
- Has your org observed exploitation attempts?
- Effective WAF rules to block this bypass?
#BackupSecurity #CyberThreat #CVE2024