CVE-2024-29849

CRITICAL

Veeam Backup Enterprise Manager - Auth Bypass

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-29849, a PoC published by sinsinology.

AI-analyzed exploit summary: a functional exploit for CVE-2024-29849, an authentication bypass in Veeam Backup Enterprise Manager. It forges a SAML assertion to impersonate a chosen user (administrator by default), standing up an attacker-controlled callback server that intercepts and answers the target's SAML authentication requests.

Description

Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to the Enterprise Manager web interface.

Exploits (1)

nomisec · Working PoC · 89 stars
by sinsinology · poc
https://github.com/sinsinology/CVE-2024-29849

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: Veeam Backup Enterprise Manager
No auth needed
Prerequisites: Target Veeam Backup Enterprise Manager instance · Network access to the target · SSL certificate and key for the callback server
devstral-2 · analyzed Feb 16, 2026

References (1)

Core References (1)
Vendor Advisory: https://veeam.com/kb4581

Scores

CVSS v3 9.8
EPSS 0.1667 (16.7% estimated probability of exploitation activity in the next 30 days)
EPSS Percentile 96.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none (CISA's enrichment value; it does not reflect the public PoC tracked above)
Automatable yes
Technical Impact total

Details

CWE
CWE-287
Status published
Products (1)
veeam/veeam_backup_&_replication < 12.1.2.172 (Enterprise Manager is a component of the Veeam Backup & Replication suite; the vendor advisory lists 12.1.2.172 as the fixed build)
Published May 22, 2024
Tracked Since Feb 18, 2026
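The affected range on this page is a single "vendor/product operator version" line. The check below is an added example, not code from this page or from any Veeam tool: it parses that line and tests an installed version against it numerically, component by component, so that a build such as 12.1.2.9 correctly sorts below 12.1.2.172 (a plain string comparison would put it above). The installed version strings in the test are constructed samples, not claims about real Veeam builds.

```python
import re

# Affected-range line as listed under Products on this page.
AFFECTED_RANGE = "veeam/veeam_backup_&_replication < 12.1.2.172"

# vendor/product, a comparison operator, then a dotted numeric version.
RANGE_RE = re.compile(
    r"^(?P<vendor>[^/\s]+)/(?P<product>\S+)\s*(?P<op><=|>=|<|>|=)\s*(?P<version>\d+(?:\.\d+)*)$"
)


def parse_version(text: str) -> tuple:
    """'12.1.2.172' -> (12, 1, 2, 172). Integer components, so 9 < 172."""
    return tuple(int(part) for part in text.strip().split("."))


def compare_versions(a: tuple, b: tuple) -> int:
    """Return -1, 0 or 1. Shorter tuples are zero-padded, so '12.1' == '12.1.0.0'."""
    width = max(len(a), len(b))
    a = a + (0,) * (width - len(a))
    b = b + (0,) * (width - len(b))
    return (a > b) - (a < b)


def parse_affected_range(line: str) -> dict:
    """Parse one products line into vendor, product, operator and bound version."""
    m = RANGE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised affected-range line: {line!r}")
    return {
        "vendor": m.group("vendor"),
        "product": m.group("product"),
        "op": m.group("op"),
        "version": parse_version(m.group("version")),
    }


def is_affected(installed: str, affected_line: str = AFFECTED_RANGE) -> bool:
    """True if the installed version falls inside the affected range."""
    rng = parse_affected_range(affected_line)
    c = compare_versions(parse_version(installed), rng["version"])
    return {"<": c < 0, "<=": c <= 0, ">": c > 0, ">=": c >= 0, "=": c == 0}[rng["op"]]


if __name__ == "__main__":
    # Constructed sample version strings for illustration.
    for installed in ("12.1.1.56", "12.1.2.9", "12.1.2.172", "12.2"):
        print(f"{installed:>12}  affected={is_affected(installed)}")
```

Read the build number from the Enterprise Manager host itself rather than inferring it from another component; the range is keyed to the Backup & Replication product, and only the Enterprise Manager build on the server under test tells you whether that server has the fixed code.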