Updates have been released by Veeam to resolve a critical Veeam Updater remote code execution flaw, tracked as CVE-2024-23114, which affects multiple Veeam Backup offerings, SC Media reports.
Discovered by ethical hacker Jarmo Puttonen, the flaw stems from improper validation of Transport Layer Security (TLS) certificates, which let attackers launch man-in-the-middle attacks and execute arbitrary code with root privileges.The vulnerability impacts Veeam Backup for Salesforce, Nutanix AHV, AWS, Microsoft Azure, Google Cloud, and Oracle Linux Virtualization Manager/Red Hat Virtualization. While most affected products have already been secured in updates prior to January 2025, Veeam Backup for Salesforce remains vulnerable up to version 3.1, according to Veeam, which recommended another patch for the issue.Users are urged to check for updates via Veeam Updater. This comes amid heightened cybersecurity concerns, as previous Veeam vulnerabilities, including CVE-2024-40711, have been targeted by ransomware groups. Veeam continues to enhance security to mitigate emerging threats.
Discovered by ethical hacker Jarmo Puttonen, the flaw stems from improper validation of Transport Layer Security (TLS) certificates, which let attackers launch man-in-the-middle attacks and execute arbitrary code with root privileges.The vulnerability impacts Veeam Backup for Salesforce, Nutanix AHV, AWS, Microsoft Azure, Google Cloud, and Oracle Linux Virtualization Manager/Red Hat Virtualization. While most affected products have already been secured in updates prior to January 2025, Veeam Backup for Salesforce remains vulnerable up to version 3.1, according to Veeam, which recommended another patch for the issue.Users are urged to check for updates via Veeam Updater. This comes amid heightened cybersecurity concerns, as previous Veeam vulnerabilities, including CVE-2024-40711, have been targeted by ransomware groups. Veeam continues to enhance security to mitigate emerging threats.
