June 13, 2024 By Bill Toulas
A proof-of-concept (PoC) exploit for a critical Veeam Recovery Orchestrator authentication bypass vulnerability tracked as CVE-2024-29855 has been released, raising the risk that the flaw will be exploited in attacks.
The exploit was developed by security researcher Sina Kheirkhah, who also published a detailed post on his site. The post shows that the flaw is easier to exploit in practice than the vendor's bulletin suggested.
Critical authentication bypass
CVE-2024-29855, rated 9.0 ("critical") on the CVSS v3.1 scale, is an authentication bypass vulnerability affecting Veeam Recovery Orchestrator (VRO) versions 7.1.0.205 and older and 7.0.0.337 and older.
The flaw allows unauthenticated attackers to log in to the Veeam Recovery Orchestrator web UI with administrative privileges.
The problem arises from the use of a hardcoded JSON Web Token (JWT) secret, which enables attackers to generate valid JWT tokens for any user, including administrators.
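To make the mechanism concrete, here is an added example (not the researcher's PoC and not Veeam's code) of how a hardcoded HS256 secret turns JWT signing into a forgery primitive, and how a per-installation secret closes the hole. The secret value, the claim names (`sub`, `role`, `exp`) and the `Administrator` role are placeholders chosen for this illustration, not the product's real values; the JWT handling is implemented with the standard library so it runs offline.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional

# Placeholder standing in for a secret baked into every shipped copy of an application.
# Constructed for this example; it is NOT the Veeam secret.
HARDCODED_SECRET = b"example-hardcoded-secret-shipped-in-every-install"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_jwt(claims: dict, secret: bytes) -> str:
    """Build an HS256 JWT. Anyone holding `secret` can call this, which is the whole problem."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_jwt(token: str, secret: bytes, now: Optional[int] = None) -> Optional[dict]:
    """Return the claims if the HS256 signature verifies and the token is unexpired, else None."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
    except ValueError:
        return None
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":  # pin the algorithm: no "none", no RS256/HS256 confusion
        return None
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        return None
    claims = json.loads(_b64url_decode(payload_b64))
    current = now if now is not None else int(time.time())
    if claims.get("exp", 0) <= current:
        return None
    return claims


def forge_admin_token(secret: bytes, username: str = "admin") -> str:
    """What an attacker does once the secret is known: mint a token for any user.
    Claim names and the role string are assumptions for this example."""
    now = int(time.time())
    return sign_jwt({"sub": username, "role": "Administrator", "iat": now, "exp": now + 3600}, secret)


def generate_install_secret() -> bytes:
    """Hardened variant: a 256-bit key generated per installation at first run and stored
    outside the shipped code, so nothing in the binary lets an outsider mint tokens."""
    return secrets.token_bytes(32)


def demo() -> dict:
    forged = forge_admin_token(HARDCODED_SECRET)
    vulnerable_result = verify_jwt(forged, HARDCODED_SECRET)   # accepted: attacker gets an admin session
    hardened_result = verify_jwt(forged, generate_install_secret())  # rejected: signature mismatch
    return {
        "vulnerable_accepts_forged": vulnerable_result is not None
        and vulnerable_result["role"] == "Administrator",
        "hardened_accepts_forged": hardened_result is not None,
    }


if __name__ == "__main__":
    print(demo())
```

Two practical points follow from the example. A token forged with the leaked secret is byte-for-byte indistinguishable from one the server issued, so signature validation alone cannot detect the attack; only rotating to a secret the attacker does not hold does, which is why a fix of this kind invalidates every outstanding session. And because the secret is the same in every installation, disclosure of it once is disclosure for all deployments, which is the property that makes a hardcoded key worse than a per-host key leaked from a single box.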