Unauthenticated Remote Code Execution (RCE) Vulnerability Discovered in Vulnerability Scanning Tool

CVE-2024-40711

9.8CRITICAL

Key Information

Vendor: Veeam
Status: Backup And Recovery
Vendor: CVE Published:; 7 September 2024

Badges

🔥 No. 1 Trending😄 Trended👾 Exploit Exists🔴 Public PoC

Summary

A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE).

Affected Version(s)

Backup and Recovery <= 12.1.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-40711
Created by watchtowrlabs

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit exists.
Sep 16, 2024
Risk change from: null to: 9.8 - (CRITICAL)
Sep 7, 2024
Vulnerability started trending.
Sep 7, 2024
🔥
Vulnerability reached the number 1 worldwide trending spot.
Sep 7, 2024
Vulnerability published.
Sep 7, 2024
Vulnerability Reserved.
Jul 9, 2024

Collectors

NVD DatabaseMitre Database1 Proof of Concept(s)