Veeam Backup & Replication RCE flaw may soon be leveraged by ransomware gangs (CVE-2024-40711)


CVE-2024-40711, a critical vulnerability affecting Veeam Backup & Replication (VBR), could soon be exploited by attackers to steal enterprise data.

Discovered and reported by CODE WHITE researcher Florian Hauser, the vulnerability can be leveraged for full system takeover, and security researchers from watchTowr Labs have already confirmed its potential for exploitation.

Luckily for enterprises using VBR, both companies have refrained from sharing PoC exploit code or additional details about the flaw until most admins have had a chance to implement the fix Veeam provided last week.

About CVE-2024-40711

Veeam Backup & Replication is a popular enterprise solution for backing up, replicating and restoring backups of virtual environments, physical machines and cloud-based workloads.

Ransomware groups have previously exploited vulnerabilities (e.g., CVE-2023-27532) in VBR to gain access to organizations’ backup infrastructure.

CVE-2024-40711 is an unspecified vulnerability affecting VBR version 12.1.2.172 and all earlier versions.

“CVE-2024-40711 could allow an attacker to gain full control of a system, manipulate data, and potentially move laterally within a network, making it a relatively high-value target for threat actors,” Censys researchers noted on Friday.

They also pinpointed 2,833 Veeam Backup & Replication servers exposed on the Internet, mostly concentrated in Germany and France, but how many of those are vulnerable is unknown.

Fix is available

Veeam fixed CVE-2024-40711 and five other less critical flaws affecting VBR on Thursday, and urged admins to update to Veeam Backup & Replication 12.2 (build 12.2.0.334). The company did not mention possible workarounds for any of them.
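As an added defender-side check (written for this article, not code from Veeam or the researchers), the script below compares reported VBR build strings against the 12.2.0.334 fixed build from the advisory and lists hosts still in need of the update; the inventory, hostnames and non-Veeam build values are constructed for illustration.

```python
from typing import List, Tuple

# Build numbers taken from the advisory text: the last affected build and the
# first fixed build of Veeam Backup & Replication.
LAST_VULNERABLE_BUILD = "12.1.2.172"
FIXED_BUILD = "12.2.0.334"


def parse_build(version: str) -> Tuple[int, ...]:
    """Turn a dotted build string such as '12.1.2.172' into a comparable tuple.
    Shorter strings are zero-padded, so '12.2' becomes (12, 2, 0, 0), which
    deliberately sorts below the full fixed build (conservative: flag it)."""
    parts = [int(p) for p in version.strip().split(".")]
    if not 1 <= len(parts) <= 4:
        raise ValueError(f"unexpected build string: {version!r}")
    return tuple(parts + [0] * (4 - len(parts)))


def is_vulnerable(version: str) -> bool:
    """True when the reported build is older than the fixed 12.2.0.334 build."""
    return parse_build(version) < parse_build(FIXED_BUILD)


def triage(inventory: List[Tuple[str, str]]) -> List[str]:
    """Return the hostnames whose reported VBR build still needs the update."""
    return [host for host, ver in inventory if is_vulnerable(ver)]


# Constructed sample inventory (hostnames and the 11.x value are made up).
SAMPLE_INVENTORY = [
    ("vbr-01.example.internal", "12.1.2.172"),  # last affected build
    ("vbr-02.example.internal", "12.2.0.334"),  # fixed build, not flagged
    ("vbr-03.example.internal", "11.0.0.1"),    # older major version, flagged
    ("vbr-04.example.internal", "12.2"),        # incomplete string, flagged
]

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: update to VBR 12.2 (build {FIXED_BUILD})")
```

Feed it the build strings from your own asset inventory; anything it cannot prove to be at or beyond 12.2.0.334 is reported, which is the right default for a backup server.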

Simultaneously, the company issued fixes for a variety of vulnerabilities in:

  • Veeam Agent for Linux
  • Veeam ONE (monitoring and analytics solution for IT workloads)
  • Veeam Backup for Nutanix AHV and Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization, and
  • Veeam Service Provider Console (a solution for managing data backup operations, used by MSPs and enterprises).
