CanSSOC advisory: Vulnerability – Critical RCE flaw in Veeam Backup & Replication software

Published: September 10, 2024

TLP: CLEAR
CanSSOC Threat Assessment [*]: HIGH

Summary:

Veeam has issued security patches addressing 18 high and critical vulnerabilities across its Backup & Replication (VBR), Service Provider Console, and ONE products. The most severe flaw, CVE-2024-40711, is a remote code execution (RCE) vulnerability in VBR with a CVSS score of 9.8. It allows an unauthenticated attacker to execute code on the VBR server. Because backup servers hold the data needed for recovery, this makes it a prime target for ransomware actors.

Other vulnerabilities in Veeam’s Service Provider Console and ONE products were also patched, including CVE-2024-42024 and CVE-2024-38650, both scoring above 9.0 in severity and posing a significant risk of system compromise.

We request that institutions with the necessary resources investigate any activity associated with this vulnerability and report their findings back to CanSSOC through their institutional Slack channel or via security@canssoc.canarie.ca.

Details:

  • CVE | CVSS: CVE-2024-40711 | 9.8
  • Impact: Unauthenticated remote code execution on the VBR server.
  • Active exploitation: At the time of publication there are no reports of active exploitation in the wild; however, similar flaws in backup software have been exploited by adversaries in the past to deploy ransomware.

Recommendations:

  • Recommended action: Users are strongly advised to apply Veeam's patches immediately. Until the patches are applied, restrict network access to the VBR server to the hosts that require it, and review the server for any signs of compromise.

Support:

As always, please contact security.response@utoronto.ca if you have any questions or concerns or feel that a device has been compromised by this vulnerability.

Footnotes:

[*] The CanSSOC Threat Assessment has the following four scores: LOW, MEDIUM, HIGH, SEVERE.