-
- Enthusiast
- Posts: 57
- Liked: 12 times
- Joined: Jan 06, 2022 1:55 pm
- Full Name: IanE
- Contact:
kb4682 CVE-2024-40715 MITM against Enterprise Manager
Anyone been able to get the hotfix on from https://www.veeam.com/kb4682?
I tried to copy it to my EM server, but I couldn't as the server thought there was a virus/potentially unwanted application. And now Chrome on my desktop won't download it.
-
- Enthusiast
- Posts: 57
- Liked: 12 times
- Joined: Jan 06, 2022 1:55 pm
- Full Name: IanE
- Contact:
Re: kb4682 CVE-2024-40715 MITM against Enterprise Manager
Update to this - I've found the reason for the issue I have - the fileserver to which I downloaded the zip before transferring it to the EM server is protected by the Microsoft ASR rules. These rules detect malware, as does VirusTotal.
I could work around this, by downloading to a server NOT protected in this way, but I'm wary of a potential supply-chain attack and have opened 07494670 with Veeam for advice.
-
- Service Provider
- Posts: 132
- Liked: 32 times
- Joined: Jan 04, 2018 4:51 pm
- Contact:
Re: kb4682 CVE-2024-40715 MITM against Enterprise Manager
Did you hear back about this?
-
- Enthusiast
- Posts: 57
- Liked: 12 times
- Joined: Jan 06, 2022 1:55 pm
- Full Name: IanE
- Contact:
Re: kb4682 CVE-2024-40715 MITM against Enterprise Manager
Last week I heard that it has been referred to the security team and I'd hear back this week.
-
- Veeam Software
- Posts: 2838
- Liked: 650 times
- Joined: Jun 28, 2016 12:12 pm
- Contact:
Re: kb4682 CVE-2024-40715 MITM against Enterprise Manager
Hi all,
Thank you for reporting this and for sharing the case number.
While I suspect it's a false-positive, will check with our AppSec team and share this report, and will update the thread once we have more information.
David Domask | Product Management: Principal Analyst
-
- Enthusiast
- Posts: 57
- Liked: 12 times
- Joined: Jan 06, 2022 1:55 pm
- Full Name: IanE
- Contact:
Re: kb4682 CVE-2024-40715 MITM against Enterprise Manager
I also expect it to be FP, I think it was just Windows ASR being a bit twitchy because 2 vendors were suspicious on VirusTotal. When you look at the behaviors though on VirusTotal, it does a hell of a lot for just replacing one dll!
And given that Veeam would be ripe for a supply-chain attack, I'm not installing the patch until I get more reassurance (we don't open EM to end users, only 4 x backup admins from designated workstations so it's a low risk vuln for us)
-
- Veeam Software
- Posts: 2838
- Liked: 650 times
- Joined: Jun 28, 2016 12:12 pm
- Contact:
Re: kb4682 CVE-2024-40715 MITM against Enterprise Manager
Hi all,
Our Application Security team contends it's a false-positive. Likely some factors (distributed as .zip, file renaming, etc) triggered a false-positive. Will work to see if we can get it cleared with the relevant A/V vendors, but by all indicators, it's a false-positive.
Edit 2024-11-12: At least one AV vendor has responded and updated their scanning engine to resolve the false-positive; it may take some time for this change to be distributed.
David Domask | Product Management: Principal Analyst
-
- Expert
- Posts: 138
- Liked: 23 times
- Joined: Mar 18, 2021 6:04 pm
- Contact:
Re: kb4682 CVE-2024-40715 MITM against Enterprise Manager
Hello,
What's the situation there? The kb4682 page doesn't exist anymore at the time of writing this message.
Thanks.
-
- Veeam Software
- Posts: 2838
- Liked: 650 times
- Joined: Jun 28, 2016 12:12 pm
- Contact:
Re: kb4682 CVE-2024-40715 MITM against Enterprise Manager
Hi FrenchBlue,
There appears to be an issue with the page as there have been reports of it being inaccessible intermittently from various regions. This has been reported to our internal teams and we're looking into it.
Edit: Seems to be live again. @FrenchBlue can you try in private/incognito window or with clean cache and tell if it works?
David Domask | Product Management: Principal Analyst
-
- Expert
- Posts: 138
- Liked: 23 times
- Joined: Mar 18, 2021 6:04 pm
- Contact:
Re: kb4682 CVE-2024-40715 MITM against Enterprise Manager
Hello,
Yes, the page is working again now, without any action in the browser. So what's the status, should we patch or not?
Thanks.
-
- Veeam Software
- Posts: 2838
- Liked: 650 times
- Joined: Jun 28, 2016 12:12 pm
- Contact:
Re: kb4682 CVE-2024-40715 MITM against Enterprise Manager
Patch. It's a false-positive, and one of the AV vendors has already updated their listings to stop flagging it.
And thanks for confirming the KB loads for you.
David Domask | Product Management: Principal Analyst
-
- Expert
- Posts: 138
- Liked: 23 times
- Joined: Mar 18, 2021 6:04 pm
- Contact:
Re: kb4682 CVE-2024-40715 MITM against Enterprise Manager
OK thanks, clear.
-
- Enthusiast
- Posts: 57
- Liked: 12 times
- Joined: Jan 06, 2022 1:55 pm
- Full Name: IanE
- Contact:
Re: kb4682 CVE-2024-40715 MITM against Enterprise Manager
also, from my case
"Thank you for your patience in this subject. I received an update from our security team, as long as you download this file directly from us and the hash matches what we published, you are cleared to proceed - you can consider the tool alert as a false positive. "
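The hash check described in the support reply above, as an added example that is not part of the thread and is not Veeam's own tooling. The file path, the published hash value and the choice of SHA-256 are placeholders and assumptions; take the real value and algorithm from the vendor page. It also lists per-entry hashes inside the zip without extracting it, so the copy that arrives on the EM server can be compared with the one that was downloaded.

```powershell
# Added example. Placeholder values: replace with the real download path and
# the hash exactly as published by the vendor (algorithm assumed SHA-256).
$ZipPath      = 'C:\Temp\hotfix.zip'
$PublishedSha = '<hash published on the vendor KB page>'

function Test-PublishedHash {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Expected,
        [string]$Algorithm = 'SHA256'
    )
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm $Algorithm).Hash
    # Normalise the published value: strip whitespace, compare upper-case hex.
    $want = ($Expected -replace '\s', '').ToUpperInvariant()
    [pscustomobject]@{
        Path = $Path; Algorithm = $Algorithm
        Actual = $actual; Expected = $want; Match = ($actual -eq $want)
    }
}

function Get-ZipEntryHash {
    param([Parameter(Mandatory)][string]$Path)
    Add-Type -AssemblyName System.IO.Compression.FileSystem
    # .NET resolves relative paths differently from PowerShell, so use the full path.
    $full = (Resolve-Path -LiteralPath $Path).ProviderPath
    $zip  = [System.IO.Compression.ZipFile]::OpenRead($full)
    $sha  = [System.Security.Cryptography.SHA256]::Create()
    try {
        foreach ($entry in $zip.Entries) {
            if ($entry.FullName.EndsWith('/')) { continue }   # directory entry
            $stream = $entry.Open()
            try {
                $hex = [System.BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', ''
            } finally { $stream.Dispose() }
            [pscustomobject]@{ Entry = $entry.FullName; Size = $entry.Length; SHA256 = $hex }
        }
    } finally { $sha.Dispose(); $zip.Dispose() }
}

$result = Test-PublishedHash -Path $ZipPath -Expected $PublishedSha
$result | Format-List
if (-not $result.Match) { throw "Hash mismatch for $ZipPath; do not install." }

# Record what is inside the archive; rerun on the target server and compare.
Get-ZipEntryHash -Path $ZipPath | Format-Table -AutoSize
```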