Veeam Backup and Replication Vulnerability - CVE-2024-40711

12 Sep / 2024

Industry News

Veeam Backup and Replication Vulnerability

  • CVE ID - CVE-2024-40711
  • CVSS - 9.8/10

What Is Vulnerable

What is Happening

Veeam has announced a critical vulnerability whereby an attacker can execute arbitrary code on any system running Veaam Backup and Replication 12.1.2.172 or earlier.
Successful exploitation of CVE-2024-40711 can allow an attacker to gain full control of a system, manipulate data, and potentially move laterally within a network, making it a relatively high-value target for threat actors.


Key Facts

  • The only affected product by this vulnerability within the Veeam product suite is Veeam Backup & Replication.
  • Adversaries can only exploit this vulnerability if they already have a foothold in your private environment, unless the Veeam solution is internet facing.
  • Updates to remediate this vulnerability have been issued

What you can do

  • Veeam Backup & Replication should immediately be upgraded to version 12.2 build 12.2.0.334. It is recommended to prioritise this patch as soon as possible, and to not wait for a regular patch cycle.
  • Instructions on how to install this patch can be found here

Assessing for possible impact

Cythera is actively monitoring for exploitation and post-exploitation activity associated with CVE-2024-40711 for managed detection and response clients 

Cythera is committed to protecting our customers from cyber threats and ensuring their business continuity.
If you have any questions or concerns about this or any other cybersecurity issue, please contact us

Resources

You may be interested in

Critical Citrix ADC and Gateway Remote Authentication Bypass Vulnerabilities

Critical Citrix ADC and Gateway Remote Authentication Bypass Vulnerabilities CVE: CVE-2022-27510, CVE-2022-27513 and CVE-2022-27516What is Vuln…

Read More arrow_forward

The Cythera Approach To Incident Response

We’re increasingly assisting more organisations respond to security incidents and breaches, in every industry vertical. If you need some point…

Read More arrow_forward

Safeguarding the Australian Health Sector with SASE: Beyond Perimeter Defense

Safeguarding the Australian Health Sector with SASE: Beyond Perimeter Defense Across the Australian healthcare landscape, digital transformatio…

Read More arrow_forward