A critical vulnerability, tracked as CVE-2024-40711, has been discovered in Veeam Backup & Replication [1] [2]. It allows remote code execution (RCE) and carries a CVSS score of 9.8 [1].

Description

The flaw is a deserialization vulnerability that affects Veeam Backup & Replication builds 12.1.2.172 and earlier [1]. Veeam has released two patches for it: the first only partially closed the hole and still allowed attackers holding low-privileged credentials to exploit it, while the second fully resolves the issue [1]. Because a proof-of-concept (PoC) exploit has been published, enterprises should apply the latest patch promptly to reduce the risk of exploitation [1]. A system that received only the first patch is not fully protected, so verifying the installed build, rather than simply recording that a patch was applied, is the practical check [1].

Ekco, responding to the vulnerability, invested over 250 hours in remediation, prioritizing the patching of vulnerable systems and engaging with both managed and non-managed clients to ensure their systems were protected [2]. Despite challenges and post-upgrade issues, Ekco reports that it learned valuable lessons and is committed to improving its security measures and communication strategies [2]. Ekco recommends that all users upgrade to the latest supported version of Veeam to mitigate the risk of exploitation [2]. It also offers detection capabilities through its partner watchTowr to help identify weaknesses in an organization's security posture, including in Veeam backup and disaster recovery environments [2].
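As an added example (not code from the article, from Veeam, or from Ekco), the following Python script triages a constructed inventory of Veeam Backup & Replication build strings against the affected ceiling stated above, 12.1.2.172. It compares builds numerically rather than as strings, and, because the article says the first patch was incomplete, it does not label newer builds as safe, only as needing confirmation that the complete patch is installed. The hostnames, the build values in the sample inventory and the tab-separated inventory format are assumptions made for the example.

```python
"""Triage Veeam Backup & Replication build numbers against the affected range
reported for CVE-2024-40711 (12.1.2.172 and earlier).

Added example, not code from the article, Veeam or Ekco. The inventory lines
below are constructed for the example; in practice they would come from an
asset inventory or from the installed product version on each backup server.
"""

from typing import List, Tuple

# Highest build the article reports as vulnerable.
AFFECTED_MAX = (12, 1, 2, 172)

AFFECTED = "affected"
VERIFY = "above affected range - verify complete patch"


def parse_build(text: str) -> Tuple[int, ...]:
    """Turn a dotted build string such as '12.1.2.172' into a 4-tuple of ints.

    Comparing tuples of ints is the point: comparing the raw strings
    lexicographically would rank '12.1.2.9' above '12.1.2.172'.
    Missing trailing components are padded with zeros so '12.2' == '12.2.0.0'.
    """
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric build string: {text!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (4 - len(nums))


def classify(build: str) -> str:
    """Return AFFECTED for builds in the reported vulnerable range.

    Anything newer is returned as VERIFY rather than 'safe': the article says
    the first patch was incomplete, so a build above 12.1.2.172 still has to be
    checked against the second, complete fix before it is considered closed.
    """
    return AFFECTED if parse_build(build) <= AFFECTED_MAX else VERIFY


def triage(inventory: List[str]) -> List[Tuple[str, str, str]]:
    """Parse 'hostname<TAB>build' lines and return (host, build, verdict).

    Comment lines and blank lines are skipped; builds that cannot be parsed are
    reported as unparseable instead of silently treated as patched.
    """
    results = []
    for line in inventory:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, build = line.split("\t", 1)
        build = build.strip()
        try:
            verdict = classify(build)
        except ValueError as exc:
            verdict = f"unparseable ({exc})"
        results.append((host, build, verdict))
    return results


# Constructed sample inventory (hostnames and builds invented for this example;
# they are not claims about real Veeam release numbers).
SAMPLE_INVENTORY = [
    "# host\tveeam_build",
    "vbr-prod-01\t12.1.2.172",       # the reported ceiling itself: affected
    "vbr-prod-02\t12.1.2.9",         # lower build; string compare would get this wrong
    "vbr-dr-01\t12.2.0.0",           # newer: still confirm the complete patch
    "vbr-lab-01\t12.1.2.172-hotfix", # malformed entry: flagged, not assumed safe
]

if __name__ == "__main__":
    for host, build, verdict in triage(SAMPLE_INVENTORY):
        print(f"{host:<12} {build:<20} {verdict}")
```

Run it as-is to see the four verdicts; to use it for real, replace SAMPLE_INVENTORY with lines exported from your inventory. Treat the VERIFY verdict as a work item, not a pass: the article's point about the incomplete first patch is exactly the case where "newer than the vulnerable build" is not the same as "fixed".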

Conclusion

Organizations should promptly apply the latest patch from Veeam to mitigate the risk of exploitation of CVE-2024-40711, and, because the first patch was incomplete, confirm that the installed build is the one from the second, complete fix rather than assuming any patched system is safe. Ekco's proactive response illustrates the value of prioritizing security measures and of engaging with clients to make sure their systems are protected. Going forward, organizations should keep strengthening both their security measures and their communication strategies so that vulnerabilities in their systems are addressed effectively.

References

[1] https://www.darkreading.com/application-security/poc-exploit-for-rce-flaw-but-patches-from-veeam
[2] https://www.ek.co/publications/ekco-swiftly-secures-veeam-vulnerabilities/