Friday, September 20, 2024

1 PoC Exploit for RCE Flaw, but 2 Patches From Veeam


A researcher has released a proof-of-concept (PoC) exploit and analysis for a critical vulnerability, tracked as CVE-2024-40711, in Veeam's Backup and Replication software.

An unauthenticated remote code execution (RCE) flaw, the vulnerability carries a CVSS score of 9.8 and threatens environments running versions 12.1.2.172 and below.

Initially reported for its high exploitation potential, the vulnerability stems from an aging communication mechanism that is susceptible to deserialization attacks, and it has an exploitation path that allows threat actors to craft malicious payloads that bypass the protective measures Veeam has put in place.

While assessing the vulnerability, the security teams found 1,900 file modifications, 700 of which were deemed not security-related, indicating that Veeam's patching process went beyond just CVE-2024-40711 and likely involved addressing a range of other security flaws as well.

Veeam released two patches to address different aspects of the vulnerability. The first patch, version 12.1.2.172, made it so that low-level credentials were still required for threat actors to exploit the vulnerability. The second patch, version 12.2.0.334, fully resolves the flaw. It is possible that the vulnerability was more severe than Veeam initially let on, and that the first patch did not fully mitigate the RCE threat, leaving systems exposed and prompting a second attempt at a patch.

Dark Reading has contacted Veeam for more information about its approach.

In the meantime, enterprises are advised to apply the latest patch as soon as possible, since a PoC exploit for the vulnerability has been made publicly available on GitHub, giving attackers tools to launch their next attacks.
