Unauthenticated Remote Code Execution (RCE) Vulnerability Discovered in Vulnerability Scanning Tool
CVE-2024-40711

9.8 CRITICAL

Key Information:

Vendor: Veeam
CVE Published: 7 September 2024

Badges

🥇 Trended No. 1 | 📈 Trended | 📈 Score: 11,600 | 💰 Ransomware | 👾 Exploit Exists | 🟡 Public PoC | 🟣 EPSS 41% | 🦅 CISA Reported | 📰 News Worthy

What is CVE-2024-40711?

CVE-2024-40711 is a critical vulnerability identified in a vulnerability scanning tool developed by Veeam. This flaw enables unauthenticated remote code execution (RCE), allowing malicious actors to execute arbitrary code on affected systems without any prior authentication. The ability for unauthorized users to execute commands directly poses a significant threat to organizations, potentially leading to system compromise, data breaches, and operational disruptions.

Technical Details

The vulnerability arises from a deserialization of untrusted data issue, which occurs when the software improperly processes serialized data from external sources. If a malicious payload is crafted and sent to the tool, it can be deserialized improperly, resulting in the execution of arbitrary code. This vulnerability highlights the importance of robust data validation and deserialization practices in software development to prevent unauthorized access.

Impact of the Vulnerability

  1. Unauthorized System Access: The vulnerability allows attackers to gain unauthorized access to systems running the affected Veeam tool, leading to potential control over critical infrastructure and sensitive data.

  2. Data Breach Potential: Attackers can exploit this flaw to access, modify, or exfiltrate sensitive information within the organization, resulting in severe privacy and compliance repercussions.

  3. Increased Risk of Malware Deployment: As the vulnerability permits remote code execution, it opens the door for attackers to install and execute additional malware, including ransomware, further exacerbating the threat landscape for affected organizations.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified this one as being exploited; it is known to CISA as enabling ransomware campaigns.

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Backup and Recovery 12.1.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

News Articles

CISA Adds One Known Exploited Vulnerability to Catalog | CISA

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-40711 Veeam Backup and Replication Deserialization...

Infoseccers criticize Veeam over critical RCE vulnerability and a failing blacklist

In patching the latest critical remote code execution (RCE) bug in Backup and Replication, software shop Veeam is attracting criticism from researchers for the way it handles uncontrolled deserialization...

Critical Veeam RCE bug now used in Frag ransomware attacks

After being used in Akira and Fog ransomware attacks, a critical Veeam Backup & Replication (VBR) security flaw was also recently exploited to deploy Frag ransomware.

EPSS Score

41% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 🟡 Public PoC available

  • 💰 Used in Ransomware

  • 🦅 CISA Reported

  • 👾 Exploit known to exist

  • 📰 First article discovered by The Stack

  • 🥇 Vulnerability reached the number 1 worldwide trending spot

  • 📈 Vulnerability started trending

  • Vulnerability published

  • Vulnerability Reserved