ATTACK [PTsecurity] Veeam Backup Manager Authentication Bypass (CVE-2024-29849). XB set CVE-2024-29849.POST

SID: 10011480Rev: 131 views
History
Sourceptrules/open
CreatedJuly 24, 2025
UpdatedJuly 24, 2025
Classificationattempted-admin
alert http any any -> any any (msg:"ATTACK [PTsecurity] Veeam Backup Manager Authentication Bypass (CVE-2024-29849). XB set CVE-2024-29849.POST"; flow:established, to_server; http.uri; content:"/api/sessionMngr"; http.request_body; content:"VMwareSSOToken"; pcre:"/(?:PHNhbWwyOklzc3Vlcj|xzYW1sMjpJc3N1ZXI+|c2FtbDI6SXNzdWVyPg)/RP"; xbits:set, CVE-2024-29849.POST, track ip_src, expire 15; flowbits:noalert; reference:cve, 2024-29849; reference:url, summoning.team/blog/veeam-enterprise-manager-cve-2024-29849-auth-bypass/; reference:url, rules.ptsecurity.com; classtype:attempted-admin; sid:10011480; rev:1;)

References

cve2024-29849
urlsummoning.team/blog/veeam-enterprise-manager-cve-2024-29849-auth-bypass/
urlrules.ptsecurity.com

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!