Veeam Backup and Replication Vulnerability - CVE-2024-40711

12 Sep / 2024

Industry News

Veeam Backup and Replication Vulnerability

  • CVE ID - CVE-2024-40711
  • CVSS - 9.8/10

What Is Vulnerable

What is Happening

Veeam has announced a critical vulnerability whereby an attacker can execute arbitrary code on any system running Veaam Backup and Replication 12.1.2.172 or earlier.
Successful exploitation of CVE-2024-40711 can allow an attacker to gain full control of a system, manipulate data, and potentially move laterally within a network, making it a relatively high-value target for threat actors.


Key Facts

  • The only affected product by this vulnerability within the Veeam product suite is Veeam Backup & Replication.
  • Adversaries can only exploit this vulnerability if they already have a foothold in your private environment, unless the Veeam solution is internet facing.
  • Updates to remediate this vulnerability have been issued

What you can do

  • Veeam Backup & Replication should immediately be upgraded to version 12.2 build 12.2.0.334. It is recommended to prioritise this patch as soon as possible, and to not wait for a regular patch cycle.
  • Instructions on how to install this patch can be found here

Assessing for possible impact

Cythera is actively monitoring for exploitation and post-exploitation activity associated with CVE-2024-40711 for managed detection and response clients 

Cythera is committed to protecting our customers from cyber threats and ensuring their business continuity.
If you have any questions or concerns about this or any other cybersecurity issue, please contact us

Resources

You may be interested in

Crafting Compelling Business Cases for Cybersecurity Funding: Strategies for Success

In today’s volatile geopolitical and global economic environment, Australian small and medium-sized businesses (SMEs) face an escalating threa…

Read More arrow_forward

Threat Hunting at Scale: How Cythera’s Latest Capabilities Enhance Security

We’ve recently seen a rapid evolution in the sophistication of automated cybersecurity applications and functionality. Tools such as Next Gene…

Read More arrow_forward

Elevating Cloud Security and Optimisation with Cato Networks and Cythera

Around 44% of global companies now support remote work, and businesses are having to reshape how they structure and secure their networks. Tradi…

Read More arrow_forward