Security News > 2024 > June > Exploit for Veeam Recovery Orchestrator auth bypass available, patch now
A proof-of-concept exploit for a critical Veeam Recovery Orchestrator authentication bypass vulnerability tracked as CVE-2024-29855 has been released, elevating the risk of being exploited in attacks.
CVE-2024-29855, rated 9.0 as per CVSS v3.1, is an authentication bypass vulnerability impacting Veeam Recovery Orchestrator versions 7.0.0.337 and 7.1.0.205 and older.
As the exploit for CVE-2024-29855 is now publicly available, attackers will likely try to leverage it against unpatched systems, so applying the available security updates as soon as possible is crucial.
Exploit for critical Veeam auth bypass available, patch now.
Exploit for critical Progress Telerik auth bypass released, patch now.
Exploit released for maximum severity Fortinet RCE bug, patch now.
News URL
Related news
- Exploit for critical Veeam auth bypass available, patch now (source)
- Exploit for critical Progress Telerik auth bypass released, patch now (source)
- Week in review: Veeam fixes RCE flaw in backup management platform, Patch Tuesday forecast (source)
- Veeam warns of critical Backup Enterprise Manager auth bypass bug (source)
- Critical Veeam Backup Enterprise Manager Flaw Allows Authentication Bypass (source)
- Veeam fixes auth bypass flaw in Backup Enterprise Manager (CVE-2024-29849) (source)
- Exploit released for maximum severity Fortinet RCE bug, patch now (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-11 | CVE-2024-29855 | Hard-coded JWT secret allows authentication bypass in Veeam Recovery Orchestrator | 0.0 |