CanSSOC advisory: Vulnerability – Critical RCE flaw in Veeam backup & replication software
Published: September 10, 2024
TLP: CLEAR
CanSSOC Threat Assessment [*]: HIGH
Topics on this page:
Summary:
Veeam has issued security patches addressing 18 high and critical vulnerabilities across its Backup & Replication (VBR), Service Provider Console, and ONE products. The most severe flaw, CVE-2024-40711, is a remote code execution (RCE) vulnerability with a CVSS score of 9.8. This flaw allows attackers to exploit VBR without authentication, making it a prime target for ransomware actors.
Other vulnerabilities in Veeam’s Service Provider Console and ONE products were also patched, including CVE-2024-42024 and CVE-2024-38650, scoring above 9.0 in severity, posing significant risks of system compromise.
We request that institutions with the necessary resources investigate any activity associated with this vulnerability and report their findings back to CanSSOC through their institutional Slack channel or via security@canssoc.canarie.ca.
Details:
- CVE|CVSS: CVE| CVSS: CVE-2024-40711|9.8
- Impact: This vulnerability enables attackers to exploit VBR without authentication.
- Active exploitation: There are no reports of active exploitation in the wild; however, similar flaws have been exploited by adversaries in the past to deploy ransomware.
Recommendations:
- Recommended action: Users are strongly advised to apply patches immediately.
Support:
As always, please contact security.response@utoronto.ca if you have any questions or concerns or feel that a device has been compromised by this vulnerability.
Footnotes:
[*] The CanSSOC Threat Assessment has the following four scores: LOW, MEDIUM, HIGH, SEVERE.