CVE-2024-40711:
Deserialization of untrusted data in Veeam Backup & Recovery enables unauthenticated remote code execution (RCE) via a crafted payload in affected versions.
Score
- Score: 9.8 (Critical)
- Published Date: Sep 7, 2024
- CISA KEV Date: Oct 17, 2024
- Industries Affected: 20
Threat Predictions
- EPSS Score: 64.1
- EPSS Percentile: 98%
Exploitability
- Score: 3.9
- Attack Vector: NETWORK
- Attack Complexity: LOW
- Privileges Required: NONE
- User Interaction: NONE
- Scope: UNCHANGED
Impact
- Score: 5.9
- Confidentiality Impact: HIGH
- Integrity Impact: HIGH
- Availability Impact: HIGH
Overview
This vulnerability arises from the deserialization of untrusted data within Veeam Backup and Recovery, permitting unauthenticated attackers to achieve remote code execution by delivering a crafted payload. It affects versions up to 12.1.2, making it a high-severity issue that can enable full system compromise with no user interaction required.
Remediation
- Identify all systems running Veeam Backup & Recovery versions 12.1.2 or earlier.
- Upgrade to a patched version released by Veeam that mitigates CVE-2024-40711; consult Veeam KB4649 for guidance and the exact fixed versions.
- After patching, verify the upgrade status on all instances and confirm the vulnerable version is no longer present.
- Restrict exposure of backup management interfaces to trusted networks only (firewall, VPN, and access controls).
- Monitor for indicators of compromise and suspicious deserialization activity; review logs for anomalous payloads and remote code execution attempts.
- If a patch cannot be applied immediately, implement compensating controls such as disabling features that deserialize untrusted data, applying network-level mitigations, and using an application-layer Web Application Firewall to block crafted payloads until a fix is deployed.
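The first and third remediation steps (find every instance at 12.1.2 or earlier, then confirm none remain after patching) are a version-inventory check. The script below is an added example, not Armis's or Veeam's code: it assumes a simple `host,version` CSV inventory (the hostnames and version strings are constructed for this example) and uses 12.1.2 as the affected cutoff exactly as this page states; the exact fixed builds are deferred to Veeam KB4649, so treat the "patched" bucket as "newer than 12.1.2" rather than as a confirmation against KB4649.

```python
import re
from typing import Dict, Iterable, List, Optional, Tuple

# This page states that versions up to 12.1.2 are affected and defers the exact
# fixed builds to Veeam KB4649, so 12.1.2 is the cutoff used here.
LAST_AFFECTED: Tuple[int, int, int] = (12, 1, 2)

_VERSION_RE = re.compile(r"^\d+(?:\.\d+)*$")

# Constructed sample inventory: hostnames and version strings are made up for
# this example and do not correspond to real systems or official build numbers.
INVENTORY = """\
# host,version
vbr-01.corp.example,12.1.2.1
vbr-02.corp.example,12.0.0
vbr-03.corp.example,12.2.0
vbr-04.corp.example,11.0.1
vbr-05.corp.example,unknown
"""


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Turn '12.1.2.1' into (12, 1, 2, 1); return None for unparseable input."""
    text = text.strip()
    if not _VERSION_RE.match(text):
        return None
    return tuple(int(part) for part in text.split("."))


def is_affected(version: str) -> Optional[bool]:
    """True if major.minor.patch <= 12.1.2, False if newer, None if unknown."""
    parsed = parse_version(version)
    if parsed is None:
        return None
    # Pad short strings ("12.1" -> 12.1.0) and ignore any build component so
    # that "12.1.2" and "12.1.2.1" are judged the same way.
    key = (parsed + (0, 0, 0))[:3]
    return key <= LAST_AFFECTED


def triage_inventory(lines: Iterable[str]) -> Dict[str, List[str]]:
    """Bucket hosts into affected / patched / unknown.

    'unknown' hosts (blank or non-numeric version) need manual follow-up; an
    inventory gap is not evidence that a host is patched.
    """
    buckets: Dict[str, List[str]] = {"affected": [], "patched": [], "unknown": []}
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version = line.partition(",")
        verdict = is_affected(version)
        if verdict is None:
            buckets["unknown"].append(host)
        elif verdict:
            buckets["affected"].append(host)
        else:
            buckets["patched"].append(host)
    return buckets


if __name__ == "__main__":
    for bucket, hosts in triage_inventory(INVENTORY.splitlines()).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Run the same check again after the upgrade cycle: the "affected" bucket should be empty and the "unknown" bucket should be worked down to zero, since a host whose version cannot be read is the one most likely to have been missed.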
References
- [Veeam KB4649](https://www.veeam.com/kb4649)
- [WatchTowr Labs - Veeam Backup Response RCE CVE-2024-40711](https://labs.watchtowr.com/veeam-backup-response-rce-with-auth-but-mostly-without-auth-cve-2024-40711-2/)
- [CISA Known Exploited Vulnerabilities Catalog](https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json)
Armis Early Warning
Armis Early Warning provides proactive threat intelligence and early detection capabilities.
- Armis Alert Date: Sep 5, 2024
- CISA KEV Date: Oct 17, 2024
- Days Early: 40 Days
Industries Affected
Below is a list of industries most commonly impacted or potentially at risk based on intelligence.