CyberSecurity SEE

1 PoC Exploit for RCE Flaw, but 2 Patches From Veeam

A critical vulnerability in Veeam Backup & Replication, tracked as CVE-2024-40711, has been brought to light by a researcher who released a proof-of-concept (PoC) exploit and analysis. The flaw allows unauthenticated remote code execution (RCE), carries a CVSS score of 9.8, and affects versions 12.1.2.172 and earlier, making it a significant threat to any environment still running those builds.

The vulnerability was flagged early on as highly likely to be exploited. Its root cause is an aging communication mechanism in the product that is susceptible to deserialization attacks: an attacker can craft a malicious serialized payload that slips past the safeguards Veeam placed around that code path. Those who diffed the patched build found roughly 1,900 modified files, about 700 of which were considered unrelated to security, which suggests Veeam's patching effort addressed other security flaws besides CVE-2024-40711.

Veeam addressed the vulnerability in two steps. The first patched build, version 12.1.2.172, closed the unauthenticated path but still left the flaw exploitable by an attacker holding low-privileged credentials. The second, version 12.2.0.334, fully resolves the RCE. It is speculated that the severity of the vulnerability is what prompted Veeam to issue the second fix, an indication that the first did not provide complete protection. Hosts running 12.1.2.172 should therefore not be regarded as patched.
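As an added practitioner check (not from the article, and not Veeam's own tooling), the PowerShell below classifies a build number against the two fix levels just described, so that a server on 12.1.2.172 is not mistaken for a fully patched one. The build numbers 12.1.2.172 and 12.2.0.334 are the ones the article cites; the default install path and the assumption that the management executable's file version tracks the product build are mine, and the sample build strings are constructed.

```powershell
# Added example, not from the article or from Veeam: classify an installed
# Veeam Backup & Replication build against the two fix levels described above.
# Build numbers come from the article; the install path and the use of the
# executable's file version as the product build are assumptions.

function Get-Cve202440711Status {
    [CmdletBinding()]
    param(
        # Build string such as '12.1.2.172'
        [Parameter(Mandatory)][string]$Build
    )
    $installed = [version]$Build
    $partial   = [version]'12.1.2.172'   # first fix: still exploitable with low-privileged credentials
    $fixed     = [version]'12.2.0.334'   # second fix: RCE fully resolved

    if ($installed -ge $fixed)   { return 'Fixed' }
    if ($installed -ge $partial) { return 'PartialFix-AuthenticatedRceStillPossible' }
    return 'Vulnerable-UnauthenticatedRce'
}

function Get-InstalledVeeamBuild {
    param(
        # Assumed default install location; adjust for non-default installs.
        [string]$ExePath = 'C:\Program Files\Veeam\Backup and Replication\Backup\Veeam.Backup.Manager.exe'
    )
    if (-not (Test-Path -LiteralPath $ExePath)) {
        throw "Veeam Backup & Replication not found at $ExePath"
    }
    # Assumption: the file version of the management executable matches the product build.
    return (Get-Item -LiteralPath $ExePath).VersionInfo.FileVersion
}

# Constructed sample builds covering the three outcomes (unpatched, first fix, second fix):
foreach ($b in '12.0.0.1420', '12.1.2.172', '12.2.0.334') {
    '{0,-12} -> {1}' -f $b, (Get-Cve202440711Status -Build $b)
}

# Live check on the local backup server; only meaningful where the product is installed.
try {
    $build = Get-InstalledVeeamBuild
    "Installed build $build -> $(Get-Cve202440711Status -Build $build)"
} catch {
    Write-Warning $_
}
```

Run it on the backup server itself, or feed Get-Cve202440711Status the build numbers your inventory tooling already collects for a fleet-wide view. Any build at or above 12.1.2.172 but below 12.2.0.334 is reported as only partially fixed, which is the conservative reading of the article's two-patch timeline.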

Dark Reading reached out to Veeam for further clarification on its response to the vulnerability. In the meantime, enterprises should apply the latest patch promptly: a PoC exploit has been publicly posted on GitHub, which considerably lowers the bar for attackers. Patching quickly is the most effective way to reduce the risk posed by this critical vulnerability.

As the cybersecurity landscape continues to evolve, organizations must remain vigilant and proactive in addressing vulnerabilities to safeguard their systems and data. Stay informed about the latest security updates and patches to stay ahead of emerging threats.
