I’M UNDER A CYBER ATTACK

Alert

Alert 2024-38 Critical Vulnerability in Veeam Backup & Replication CVE-2024-40711

Affected Product(s):

  • Veeam Backup & Replication versions 12.1.2.172 and earlier.

Description:

Veeam recently disclosed a critical remote code execution (RCE) vulnerability identified as CVE-2024-40711. This flaw affects Veeam Backup & Replication (VBR) in versions 12.1.2.172 and earlier. The vulnerability allows unauthenticated attackers to execute arbitrary code on vulnerable systems, potentially compromising an organization’s entire infrastructure. Due to the critical role VBR plays in enterprise data protection, it is a potential target for ransomware operators. Veeam has released an update to address this issue and recommends users immediately update to version 12.2.0.334.

While proof-of-concept (PoC) exploits have been reported on GitHub, security researchers have opted not to release the full exploitation details due to the vulnerability’s significance for malware operators. Exploitation of this flaw could lead to lateral movement within the network and the compromise of the entire infrastructure. Organizations using VBR are urged to apply the updates as soon as possible.

Download PDF

WE’RE HERE TO HELP

Are you under a cyber attack?

Report it here

get the latest alerts in your inbox

Subscribe to our newsletter

We are a a group of highly trained professionals based in R&D with advanced technical knowledge and experience in the detection, analysis, containment, and recovery of security incidents.

We are a CSIRT, we are Cybolt.

I’M UNDER A CYBER ATTACK

Explore

Services

Stay updated

© 2024. Beacon Lab CSIRT, Privacy Policy

This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.