WARNING: A CRITICAL VULNERABILITY AFFECTS VEEAM RECOVERY ORCHESTRATOR, PATCH IMMEDIATELY!

Published: 12/06/2024

Reference:
Advisory #2024-84

Version:
1.0

Affected software:
Veeam Recovery Orchestrator (VRO) versions 7.0.0.337 and 7.1.0.205

Type:
Hijacking of administrative privileges

CVE/CVSS:
CVE-2024-29855: CVSS 9.0 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)

Sources

https://www.veeam.com/kb4585

Risks

Veeam Recovery Orchestrator (VRO) automates and streamlines disaster recovery with automated testing, reporting and dashboards, for organizations to achieve faster recovery, minimal data loss, and enhanced resilience. A compromised VRO could severely undermine an organization’s ability to recover from an incident.

The current vulnerability has a HIGH impact on Confidentiality, Integrity and Availability.

This vulnerability presents a high risk, making it crucial for organizations to address it promptly to maintain their disaster recovery capabilities and overall resilience.

Update 17/06/2024: A proof of concept is available. The Centre for Cybersecurity Belgium (CCB) assesses that exploitation is likely to take place in the future.

Description

CVE-2024-29855: Hijacking of administrative privileges

CVE-2024-29855 enables an attacker to access the VRO web UI with administrative privileges. To execute this hijack, the attacker must know the precise username and role of an account that possesses an active VRO UI access token.

Recommended Actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing updates for any of the vulnerable software mentioned in the present advisory.

For environments operating VRO 7.0.0.337, either upgrade to 7.1.0.230 or install the following patch to update to build 7.0.0.379.

For environments operating VRO 7.1.0.205, install the following patch to update to build 7.1.0.230.
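A small triage helper for checking an inventory of VRO build numbers against the builds named in this advisory. This is an added example, not code from the CCB or Veeam; the host names are constructed, and treating any build below the fixed build on an affected branch as unpatched (not only the two builds listed above) is an assumption made here, not a statement from the advisory.

```python
# Added example: triage VRO build strings against Advisory #2024-84.
from typing import Dict, List, Tuple

# Builds explicitly named in the advisory.
AFFECTED_BUILDS = {"7.0.0.337", "7.1.0.205"}
# Fixed build per release branch (major, minor), from the advisory.
FIXED_BUILD_BY_BRANCH: Dict[Tuple[int, int], Tuple[int, ...]] = {
    (7, 0): (7, 0, 0, 379),
    (7, 1): (7, 1, 0, 230),
}


def parse_build(version: str) -> Tuple[int, ...]:
    """Turn '7.0.0.337' into (7, 0, 0, 337); reject malformed strings."""
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected VRO build string: {version!r}")
    return tuple(int(p) for p in parts)


def triage(version: str) -> Dict[str, str]:
    """Classify one build and state the remediation the advisory gives."""
    build = parse_build(version)
    fixed = FIXED_BUILD_BY_BRANCH.get(build[:2])
    if fixed is None:
        return {"build": version, "status": "unknown-branch",
                "action": "not covered by this advisory; check KB4585"}
    if build >= fixed:
        return {"build": version, "status": "patched", "action": "none"}
    # Assumption: any build below the fixed build on a covered branch is
    # treated as unpatched, even if it is not one of the two listed builds.
    status = "vulnerable" if version in AFFECTED_BUILDS else "below-fixed-build"
    action = "apply patch to " + ".".join(map(str, fixed))
    if build[:2] == (7, 0):
        action += " or upgrade to 7.1.0.230"
    return {"build": version, "status": status, "action": action}


def triage_inventory(hosts: List[Tuple[str, str]]) -> Dict[str, Dict[str, str]]:
    """Run triage over (hostname, build) pairs; malformed builds are flagged."""
    report = {}
    for host, version in hosts:
        try:
            report[host] = triage(version)
        except ValueError as exc:
            report[host] = {"build": version, "status": "parse-error", "action": str(exc)}
    return report


if __name__ == "__main__":
    # Constructed sample inventory for demonstration only.
    SAMPLE = [("vro-01", "7.0.0.337"), ("vro-02", "7.1.0.230"), ("vro-03", "7.1")]
    for host, result in triage_inventory(SAMPLE).items():
        print(host, result["status"], "->", result["action"])
```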

Monitor/Detect

The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References

https://cvefeed.io/vuln/detail/CVE-2024-29855
https://www.security-next.com/158226