A researcher has released a proof-of-concept (PoC) exploit and analysis for a critical vulnerability, tracked as CVE-2024-40711, in Veeam's Backup & Replication software.
An unauthenticated remote code execution (RCE) flaw, the vulnerability carries a CVSS score of 9.8 and affects environments running versions 12.1.2.172 and earlier.
Initially flagged for its high potential for exploitation, the vulnerability stems from an aging communication mechanism (.NET Remoting) that leaves the product susceptible to deserialization attacks, and it has an exploitation path that allows threat actors to craft malicious payloads that bypass the protective measures Veeam put in place. Those measures amount to a filter that blocks known-dangerous types, and such blocklists only stop the gadgets someone has already thought of.
While assessing the vulnerability, the researchers found 1,900 file modifications in the patch, 700 of which were deemed unrelated to security. That leaves roughly 1,200 security-relevant changes, far more than a single bug requires, indicating that Veeam's patching went beyond CVE-2024-40711 and likely addressed a range of other security flaws as well.
Veeam released two updates that address different parts of the vulnerability. The first patch, version 12.1.2.172, left the flaw exploitable but made low-privileged credentials a prerequisite for exploiting it. The second patch, version 12.2.0.334, fully resolves the flaw. In practice, an installation that reports 12.1.2.172 should therefore still be treated as vulnerable; only 12.2.0.334 or later is a fix. It is possible that the vulnerability was more severe than Veeam initially let on, and that the first patch did not fully mitigate the RCE threat, leaving systems exposed and prompting a second attempt at a fix.
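The two patch levels above are easy to misread in an inventory report, because 12.1.2.172 looks like a "fixed" build but is not. The following is an added example, not code from Veeam or from the researcher's PoC, that triages a list of Veeam Backup & Replication build numbers against the two patch levels the article describes. The hostnames and build numbers in the sample inventory are constructed, and the "unknown_build" bucket for builds between 12.1.2.172 and 12.2.0.334 is this example's own conservative choice, not something the advisory states.

```python
"""Triage Veeam Backup & Replication build numbers against CVE-2024-40711.

Added example, not Veeam's or the researcher's code. It encodes only the two
patch levels described in the article: 12.1.2.172 (first patch, RCE still
possible with low-privileged credentials) and 12.2.0.334 (full fix).
"""
from __future__ import annotations

import re

FIRST_PATCH = (12, 1, 2, 172)   # still exploitable with low-privileged credentials
FULL_FIX = (12, 2, 0, 334)      # fully resolves CVE-2024-40711

_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)\.(\d+)\s*$")


def parse_build(version: str) -> tuple[int, ...]:
    """Parse a four-part build string such as '12.1.2.172' into a comparable tuple."""
    m = _VERSION_RE.match(version)
    if not m:
        raise ValueError(f"not a four-part build number: {version!r}")
    return tuple(int(x) for x in m.groups())


def classify(version: str) -> str:
    """Return 'unauthenticated_rce', 'authenticated_rce', 'unknown_build' or 'fixed'."""
    build = parse_build(version)
    if build >= FULL_FIX:
        return "fixed"
    if build == FIRST_PATCH:
        # First patch only: exploitable by anyone holding low-privileged credentials.
        return "authenticated_rce"
    if build < FIRST_PATCH:
        return "unauthenticated_rce"
    # Builds between the two patches are not described in the advisory text
    # (assumption of this example): treat them as unpatched rather than fixed.
    return "unknown_build"


def triage(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Group hosts by exposure so the ones needing the 12.2.0.334 upgrade stand out."""
    groups: dict[str, list[str]] = {}
    for host, version in inventory.items():
        groups.setdefault(classify(version), []).append(host)
    return groups


if __name__ == "__main__":
    # Constructed sample inventory: hostnames and builds are made up for the example.
    sample = {
        "vbr-01.example.internal": "12.1.1.56",
        "vbr-02.example.internal": "12.1.2.172",
        "vbr-03.example.internal": "12.2.0.334",
        "vbr-04.example.internal": "12.1.2.200",
    }
    for exposure, hosts in sorted(triage(sample).items()):
        print(f"{exposure:20s} {', '.join(hosts)}")
```

Feed `triage` whatever your asset inventory reports for the Veeam build, and treat everything outside the "fixed" bucket as needing the 12.2.0.334 upgrade.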
Dark Reading has contacted Veeam for more information about its approach.
In the meantime, enterprises are advised to apply the latest patch as soon as possible, since a PoC exploit for the vulnerability has been made publicly available on GitHub, giving attackers the tooling to launch their next attacks.