CVE-2024-39718

8.1 HIGH

📋 TL;DR

An improper input validation vulnerability in Veeam software allows low-privileged authenticated users to remotely delete files on the system with the permissions of the service account. This affects Veeam Backup & Replication installations where users have access to the backup console. The vulnerability enables file deletion without proper authorization checks.

💻 Affected Systems

Products:
  • Veeam Backup & Replication
Versions: 12.1.2.172
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Affects installations where users have console access. The vulnerability is in the specific build 12.1.2.172.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could delete critical system files, backup data, or configuration files, potentially causing data loss, service disruption, or system compromise.

🟠 Likely Case

Malicious or compromised low-privileged users deleting backup files, configuration files, or other data accessible to the Veeam service account.

🟢 If Mitigated

Limited impact with proper access controls, network segmentation, and monitoring in place to detect unauthorized file deletion attempts.

🌐 Internet-Facing: MEDIUM - Risk exists if Veeam console is exposed to internet, but exploitation requires authenticated access.
🏢 Internal Only: HIGH - Internal attackers or compromised accounts can exploit this vulnerability to delete important files.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access to the Veeam console. The vulnerability involves improper input validation in file deletion functionality.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to version 12.1.3.172 or later

Vendor Advisory: https://www.veeam.com/kb4649

Restart Required: Yes

Instructions:

1. Download Veeam Backup & Replication 12.1.3.172 or later from the Veeam website.
2. Run the installer on the backup server.
3. Follow the upgrade wizard.
4. Restart the Veeam Backup Service after installation.

🔧 Temporary Workarounds

Restrict Console Access (applies to: all)

Limit access to the Veeam console to trusted administrators only.

Implement Least Privilege (applies to: all)

Review and minimize permissions for all Veeam console users.

🧯 If You Can't Patch

  • Implement strict access controls to limit who can access the Veeam console
  • Enable detailed logging and monitoring for file deletion activities

🔍 How to Verify

Check if Vulnerable:

Check the Veeam Backup & Replication version in the console under Help > About. If the version is 12.1.2.172, the system is vulnerable.

Check Version:

In the Veeam console, navigate to Help > About to view the installed version.

Verify Fix Applied:

After patching, verify version shows 12.1.3.172 or later in Help > About.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file deletion events in Veeam logs
  • Multiple file deletion attempts by low-privileged users
  • Failed authorization attempts for file operations

Network Indicators:

  • Unusual traffic patterns to Veeam console from non-admin accounts

SIEM Query:

source="veeam_logs" AND (event_type="file_deletion" OR operation="delete") AND user_role!="administrator"
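The version rule from the "How to Verify" section (12.1.2.172 is vulnerable, 12.1.3.172 or later is patched) and the filtering logic of the SIEM query above, implemented as an added Python example. This code is not part of this advisory or of Veeam's software. The key=value log lines are constructed for illustration; the field names `source`, `event_type`, `operation` and `user_role` come from the query above, while `user`, `path` and `ts` are assumed field names. It also goes one step beyond the single-event query by counting deletions per user, which is the "multiple file deletion attempts by low-privileged users" indicator listed above.

```python
import re
from collections import Counter
from typing import Iterable

# Version boundaries taken from the advisory text.
VULNERABLE_VERSION = "12.1.2.172"
FIXED_VERSION = "12.1.3.172"


def parse_version(version: str) -> tuple:
    """Turn a dotted version string into a tuple of integers for comparison."""
    return tuple(int(part) for part in version.strip().split("."))


def version_status(version: str) -> str:
    """Classify a Help > About version string against the advisory's rule.

    Only the build named by the advisory is reported as vulnerable; anything at or
    above the fixed build is reported as patched; other builds are 'unknown'.
    """
    v = parse_version(version)
    if v == parse_version(VULNERABLE_VERSION):
        return "vulnerable"
    if v >= parse_version(FIXED_VERSION):
        return "patched"
    return "unknown"


# Constructed sample log lines (not real Veeam output); key=value format with
# optional double-quoted values. Field names beyond those in the SIEM query are assumed.
SAMPLE_LOGS = [
    'ts=2024-06-01T10:00:00Z source=veeam_logs event_type=file_deletion user=svc_admin user_role=administrator path="C:\\Backups\\job1_old.vbk"',
    'ts=2024-06-01T10:01:00Z source=veeam_logs event_type=file_deletion user=bob user_role=operator path="C:\\Backups\\job2.vbk"',
    'ts=2024-06-01T10:01:30Z source=veeam_logs event_type=file_operation operation=delete user=bob user_role=operator path="C:\\Backups\\job3.vib"',
    'ts=2024-06-01T10:02:00Z source=other_app operation=delete user=bob user_role=operator path="C:\\Temp\\scratch.tmp"',
    'ts=2024-06-01T10:03:00Z source=veeam_logs event_type=restore user=bob user_role=operator path="C:\\Backups\\job2.vbk"',
    'ts=2024-06-01T10:04:00Z source=veeam_logs event_type=file_operation operation=delete user=alice user_role=viewer path="C:\\Backups\\job4.vbk"',
]

# key=value with either a double-quoted value or a bare token.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_kv(line: str) -> dict:
    """Parse one key=value log line into a dictionary."""
    return {key: (quoted if quoted else bare) for key, quoted, bare in KV_RE.findall(line)}


def is_suspicious_deletion(event: dict) -> bool:
    """Same predicate as the SIEM query:
    source="veeam_logs" AND (event_type="file_deletion" OR operation="delete") AND user_role!="administrator"
    """
    return (
        event.get("source") == "veeam_logs"
        and (event.get("event_type") == "file_deletion" or event.get("operation") == "delete")
        and event.get("user_role") != "administrator"
    )


def find_suspicious(lines: Iterable[str]) -> list:
    """Return the parsed events that match the query, in log order."""
    return [event for event in map(parse_kv, lines) if is_suspicious_deletion(event)]


def deletions_per_user(events: Iterable[dict]) -> dict:
    """Count matching deletion events per user (the 'multiple attempts' indicator)."""
    return dict(Counter(event.get("user", "<unknown>") for event in events))


def repeat_offenders(events: Iterable[dict], threshold: int = 2) -> list:
    """Users with at least `threshold` matching deletions, sorted by count then name."""
    counts = deletions_per_user(events)
    return sorted((u for u, n in counts.items() if n >= threshold), key=lambda u: (-counts[u], u))


if __name__ == "__main__":
    for ver in (VULNERABLE_VERSION, FIXED_VERSION):
        print(f"{ver}: {version_status(ver)}")
    hits = find_suspicious(SAMPLE_LOGS)
    for event in hits:
        print("SUSPICIOUS DELETE:", event.get("ts"), event.get("user"), event.get("user_role"), event.get("path"))
    print("per user:", deletions_per_user(hits))
    print("repeat offenders:", repeat_offenders(hits))
```

Running the block prints the version classification for both builds named in the advisory, the three constructed events that match the query (two by `bob`, one by `alice`), and `bob` as the only user meeting the repeat threshold; the `other_app` deletion and the administrator's deletion are excluded exactly as the SIEM query would exclude them. In a real deployment the threshold and the `user_role` values should be aligned with how the console's roles actually appear in the exported logs.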
