Veeam released Backup & Replication v12.2.0.334 on August 28, 2024.

Veeam Backup & Replication 12.1 is the newer build of version 12, and the major new features and enhancements were added in Veeam Backup & Replication v12.2.

The details are as link https://www.veeam.com/veeam_backup_12_2_release_notes_rn.pdf.

The vulnerabilities documented in these sections were fixed starting in the 12.2 build.

CVE-2024-40711

A vulnerability allowing unauthenticated remote code execution (RCE).

Florian Hauser reported this vulnerability with CODE WHITE Gmbh.

Severity: Critical

CVSS v3.1 Score: 9.8

CVE-2024-40713

A vulnerability that allows a user who has been assigned a low-privileged role within Veeam Backup & Replication to alter Multi-Factor Authentication (MFA) settings and bypass MFA.

Severity: High

CVSS v3.1 Score: 8.8

CVE-2024-40710

A series of related high-severity vulnerabilities, the most notable enabling remote code execution (RCE) as the service account and extraction of sensitive information (saved credentials and passwords). Exploiting these vulnerabilities requires a user who has been assigned a low-privileged role within Veeam Backup & Replication.

Severity: High

CVSS v3.1 Score: 8.8

CVE-2024-39718

A vulnerability that allows a low-privileged user to remotely remove files on the system with permissions equivalent to those of the service account.

Severity: High

CVSS v3.1 Score: 8.1

CVE-2024-40714

A vulnerability in TLS certificate validation allows an attacker on the same network to intercept sensitive credentials during restore operations.

Severity: High

CVSS v3.1 Score: 8.3

CVE-2024-40712

A path traversal vulnerability allows an attacker with a low-privileged account and local access to the system to perform local privilege escalation (LPE).

Severity: High

CVSS v3.1 Score: 7.8

The details are as link https://www.veeam.com/kb4649

1.Login to the Veeam Backup and Replication Management Server.

2.Sign in your Veeam account and download the Veeam Backup and Replication v12.1 ISO image.

3.Open the Veeam Backup & Replication 12 Console and click Connect.

4.Enter the MFA Confirmation code and click Confirm.

5.Verify the existing Veeam Backup & Replication version from the Veeam Backup & Replication console (Help |Abut) and ensure that the version matches the installation requirements.

6.Ensure all jobs are successful, right-click all jobs and select disable.

7.Drop down the main menu and select Configuration Backup.

8.On the Configuration Backup Settings page, select Backup now to backup the current configuration file.

9.Click OK to close the Configuration Backup Settings after the backup is completed.

10.Mount Veeam Backup and Replication v12.2 iso image file and run Setup.exe.

11.Run Setup.exe.

12.On the User Account Control page, click Yes.

13.On the Veeam Backup & Replication 12.1 page, click Upgrade.

14.On the Veeam Backup & Replication page, select Upgrade Veeam Backup & Replication.

15.On the License Agreement page, click I Accept.

16.On the Upgrade page, click Next.

17. If a valid license is installed on the machine, the setup wizard will inform you. In this case, you can skip the Provide License step, click Next.

18.On the System Configuration Check page, Veeam will verify and install requirement components automatically. The Veeam Backup and Replication Management server may need to reboot.

19.Click Yes to confirm the reboot server.

20.After reboot, repeat steps 10-17.

21.On the Service Account page, click Next.

22.On the Database page, click Next.

23.Click Yes to ensure this installation is connected to the selected database.

24.Click Upgrade on the Ready to Upgrade page.

25.There are 6 steps for upgrading the Veeam Backup & Replication management server.

26.Ensure the upgrade is successful and click finish.

27.Open the Veeam Backup & Replication 12 Console and click Connect.

28.Enter the MFA Confirmation code and click Confirm.

29. Select all servers on the Components Update page and click Apply.

30.On the Components Update page, ensure all components are updated successfully for all servers and click Finish.

31.Verify the Veeam Backup & Replication version from the Veeam Backup & Replication console (Help |Abut).

32.Ensure that the version is 12.2.0.334.

33.Re-enable all jobs.

I hope you enjoy this post.

Cary Sun

X: @SifuSun

Web Site: carysun.com

Blog Site: checkyourlogs.net

Blog Site: gooddealmart.com

Amazon Author: Amazon.com/author/carysun