Unauthenticated Remote Code Execution (RCE) Vulnerability Discovered in Vulnerability Scanning Tool

CVE-2024-40711

9.8 CRITICAL

Key Information

Vendor
Veeam
Status
Backup And Recovery
Vendor
CVE Published: 7 September 2024

Badges

Trended No. 1, Trended, Score: 11,600, Ransomware, Exploit Exists, Public PoC, EPSS 96%, CISA Reported, News Worthy

What is CVE-2024-40711?

CVE-2024-40711 is a critical vulnerability identified in a vulnerability scanning tool developed by Veeam. This flaw enables unauthenticated remote code execution (RCE), allowing malicious actors to execute arbitrary code on affected systems without any prior authentication. The ability for unauthorized users to execute commands directly poses a significant threat to organizations, potentially leading to system compromise, data breaches, and operational disruptions.

Technical Details

The vulnerability arises from a deserialization of untrusted data issue, which occurs when the software improperly processes serialized data from external sources. If a malicious payload is crafted and sent to the tool, it can be deserialized improperly, resulting in the execution of arbitrary code. This vulnerability highlights the importance of robust data validation and deserialization practices in software development to prevent unauthorized access.

Impact of the Vulnerability

  1. Unauthorized System Access: The vulnerability allows attackers to gain unauthorized access to systems running the affected Veeam tool, leading to potential control over critical infrastructure and sensitive data.

  2. Data Breach Potential: Attackers can exploit this flaw to access, modify, or exfiltrate sensitive information within the organization, resulting in severe privacy and compliance repercussions.

  3. Increased Risk of Malware Deployment: As the vulnerability permits remote code execution, it opens the door for attackers to install and execute additional malware, including ransomware, further exacerbating the threat landscape for affected organizations.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2024-40711 as being exploited and as known to enable ransomware campaigns.

CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Backup and Recovery <= 12.1.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component for weaponization, which could lead to ransomware.

News Articles

Critical Veeam RCE bug now used in Frag ransomware attacks

After being used in Akira and Fog ransomware attacks, a critical Veeam Backup & Replication (VBR) security flaw was also recently exploited to deploy Frag ransomware.

2 months ago

Veeam patches 5 critical vulnerabilities, including unauthenticated RCE flaw

An advisory for 18 patched flaws includes one that could enable “full system takeover,” researchers said.

2 months ago

CISA confirms Veeam vulnerability is being used in ransomware attacks

CISA added CVE-2024-40711 to its Known Exploited Vulnerabilities database and specified that the bug in Veeam software products is being used to facilitate ransomware attacks.

2 months ago

EPSS Score

96% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Public PoC available

  • Used in Ransomware

  • CISA Reported

  • Exploit known to exist

  • First article discovered by The Stack

  • Vulnerability reached the number 1 worldwide trending spot

  • Vulnerability started trending

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database, Mitre Database, CISA Database, 3 Proof of Concept(s), 14 News Article(s)