September 19, 2024 at 04:10PM
A researcher has released a proof-of-concept exploit and analysis for CVE-2024-40711, a critical vulnerability in Veeam’s backup software. The flaw, with a CVSS score of 9.8, allows unauthenticated remote code execution. Veeam has released patches, but there are concerns about their effectiveness. Enterprises are urged to apply the latest patch promptly due to the availability of a public exploit.
Based on the meeting notes, here are the key takeaways:
– A critical vulnerability tracked as CVE-2024-40711 has been discovered in Veeam’s backup and replication software. This unauthenticated remote code execution (RCE) flaw has a CVSS score of 9.8 and affects versions 12.1.2.172 and below.
– The vulnerability is susceptible to deserialization attacks due to an aging communication mechanism, which allows threat actors to create malicious payloads that bypass protective measures put in place by Veeam.
– Veeam’s patching process involved addressing a variety of other security flaws in addition to CVE-2024-40711, with 1,900 file modifications discovered, 700 of which were non-security related.
– Veeam released two patches to address the vulnerability. The first patch, version 12.1.2.172, still required low-level credentials for exploitation, while the second patch, version 12.2.0.334, fully resolves the flaw.
– It is suggested that enterprises apply the latest patch promptly, as a proof-of-concept exploit for the vulnerability has been publicly released on GitHub, potentially giving attackers the means to launch attacks.
– Dark Reading has reached out to Veeam for more information about their approach to addressing the vulnerability.
These key points should be communicated to relevant stakeholders for immediate action and awareness of the potential risks associated with the Veeam vulnerability.