CVE Vulnerabilities

CVE-2024-29851

Authentication Bypass by Capture-replay

Published: May 22, 2024 | Modified: Jul 03, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
root.io minimus.io echohq.com

Veeam Backup Enterprise Manager allows high-privileged users to steal NTLM hash of Enterprise manager service account.

Weakness

A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

Affected Software

Name Vendor Start Version End Version
Veeam_backup_&_replication Veeam * 12.1.2.172 (excluding)

Potential Mitigations

References