Unauthenticated Remote Code Execution (RCE) Vulnerability Discovered in Vulnerability Scanning Tool
CVE-2024-40711
Key Information
- Vendor: Veeam
- Status
- Backup And Recovery
- Vendor
- CVE Published: 7 September 2024
What is CVE-2024-40711?
CVE-2024-40711 is a critical vulnerability identified in a vulnerability scanning tool developed by Veeam. This flaw enables unauthenticated remote code execution (RCE), allowing malicious actors to execute arbitrary code on affected systems without any prior authentication. The ability for unauthorized users to execute commands directly poses a significant threat to organizations, potentially leading to system compromise, data breaches, and operational disruptions.
Technical Details
The vulnerability arises from a deserialization of untrusted data issue, which occurs when the software improperly processes serialized data from external sources. If a malicious payload is crafted and sent to the tool, it can be deserialized improperly, resulting in the execution of arbitrary code. This vulnerability highlights the importance of robust data validation and deserialization practices in software development to prevent unauthorized access.
Impact of the Vulnerability
- Unauthorized System Access: The vulnerability allows attackers to gain unauthorized access to systems running the affected Veeam tool, leading to potential control over critical infrastructure and sensitive data.
- Data Breach Potential: Attackers can exploit this flaw to access, modify, or exfiltrate sensitive information within the organization, resulting in severe privacy and compliance repercussions.
- Increased Risk of Malware Deployment: As the vulnerability permits remote code execution, it opens the door for attackers to install and execute additional malware, including ransomware, further exacerbating the threat landscape for affected organizations.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2024-40711 as being exploited and as known to enable ransomware campaigns.
CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Backup and Recovery <= 12.1.2
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
Critical Veeam RCE bug now used in Frag ransomware attacks
After being used in Akira and Fog ransomware attacks, a critical Veeam Backup & Replication (VBR) security flaw was also recently exploited to deploy Frag ransomware.
2 months ago
Veeam patches 5 critical vulnerabilities, including unauthenticated RCE flaw
An advisory for 18 patched flaws includes one that could enable “full system takeover,” researchers said.
2 months ago
CISA confirms Veeam vulnerability is being used in ransomware attacks
CISA added CVE-2024-40711 to its Known Exploited Vulnerabilities database and specified that the bug in Veeam software products is being used to facilitate ransomware attacks.
2 months ago
EPSS Score
96% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- Public PoC available
- Used in Ransomware
- CISA Reported
- Exploit known to exist
- First article discovered by The Stack
- Vulnerability reached the number 1 worldwide trending spot
- Vulnerability started trending
- Vulnerability published
- Vulnerability Reserved