Attacker Value
Very High
(1 user assessed)
Exploitability
Unknown
(1 user assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network
2

CVE-2024-40711

Disclosure Date: September 07, 2024
Exploited in the Wild
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE).

Add Assessment

1
Ratings
Technical Analysis

Critical unauthenticated remote code execution vulnerability in Veeam Backup & Replication, a perennially popular target for abuse (including by ransomware groups). Rapid7 has a blog here on this vulnerability, as well as other Veeam vulns patched over the summer of 2024.

CVE-2024-40711 is being exploited by multiple ransomware crews, including Akira, Fog, and a new group called Frag, per Sophos X-Ops. Sophos’s blog on exploitation notes they began seeing MDR cases in October 2024. The CVE was added to CISA KEV on October 17, roughly 7 weeks after it was disclosed. Cybersecurity Dive has some solid additional context here.

Veeam Backup & Replication generally shouldn’t be exposed to the internet, but several technical reports have noted that this bug is still a great target for attackers who purchase initial access to corporate networks from access brokers. Public proof-of-concept code is available. Patch this one on an emergency basis if you haven’t already.

CVSS V3 Severity and Metrics
Base Score:
9.8 Critical
Impact Score:
5.9
Exploitability Score:
3.9
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Vendors

  • veeam

Products

  • veeam backup & replication

Exploited in the Wild

Reported by:

References

Exploit
PoCs that have not been added by contributors directly have been sourced from: nomi-sec/PoC-in-GitHub.
A PoC added here by the AKB Worker must have at least 2 GitHub stars.

Additional Info

Technical Analysis