Overview
- Description
- A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE).
- Source
- support@hackerone.com
- NVD status
- Analyzed
Social media
- Hype score
1
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2024-40711 #Veeam Backup and Replication Deserialization Vulnerability https://t.co/UV2aAf3haq
@ScyScan
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Veeam users beware! A critical vulnerability (CVE-2024-40711) was exploited to deploy ransomware. Patch your Veeam Backup & Replication now. #Veeam #Security #Ransomware https://t.co/D2SUeQGmR6
@mmurphy2514
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA added Veeam Backup CVE-2024-40711 to its KEV Catalog #CISAKEV #VeeamBackup #CVE-2024-40711 https://t.co/gyLbsYUWea
@pravin_karthik
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Veeam Products Vulnerability Exposed: Ransomware Gangs Exploit CVE-2024-40711 Veeam Backup & Replication products are facing a severe vulnerability exploited by ransomware gangs. Find out how Patch 12.2 offers a solution to this critical issue, securing your backup systems.…
@DavidGurcan
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
El proyecto CVE-2024-40711 explora una vulnerabilidad crítica que afecta a Veeam Backup & Replication https://t.co/JrzursiKVz #Informatica #SeguridadInformatica
@f3nixh4ck
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
برای Veeam Backup & Replication آسیب پذیری با کد شناسایی CVE-2024-40711 منتشر بود . همانطور که قبلا هم گفته بودیم بعد از انتشار یک آسیب پذیری بدافزارها به خصوص باج افزارها از آن آسیب پذیری برای گرفتن دسترسی اولیه به سیستم های قربانی استفاده می کنند. https://t.co/Y2P1U3epiq
@AmirHossein_sec
Nov 13, 2024 4:42 PM
24 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 Threat Campaign Alert - STAC 5881 Threat Cluster Deploys New 'Frag' Ransomware via Veeam Vulnerability CVE-2024-40711 🚨 Summary: STAC 5881 threat cluster exploit Veeam flaw (CVE-2024-40711) to deploy new ransomware "Frag," adding to their arsenal of Akira and Fog. Attackers
@CyberxtronTech
Nov 12, 2024 5:13 AM
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#DOYOUKNOWCVE Frag Ransomware Targets Veeam Vulnerability! CVE-2024-40711: Is a critical Remote Code Execution vulnerability in Veeam Backup & Replication software. This flaw stems from the insecure deserialization of untrusted data, which allows unauthenticated attackers to
@Loginsoft_Inc
Nov 11, 2024 3:31 PM
58 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Last month, Sophos X-Ops reported several MDR cases where threat actors exploited a vulnerability in Veeam backup servers. We continue to track the activities of this threat cluster, which recently included deployment of a new ransomware. The vulnerability, CVE-2024-40711, was
@cybertzar
Nov 11, 2024 1:34 PM
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-40711
@transilienceai
Nov 10, 2024 5:17 PM
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-40711
@transilienceai
Nov 8, 2024 5:14 PM
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-40711
@transilienceai
Nov 5, 2024 11:37 PM
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-40711
@transilienceai
Oct 30, 2024 11:48 PM
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
#ThreatProtection #CVE-2024-40711 - #Veeam Backup and Replication deserialization #vulnerability exploited by #ransomware actors, read more about Symantec's protection: https://t.co/0yQUPhFWC8
@threatintel
Oct 30, 2024 12:19 PM
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-40711
@transilienceai
Oct 29, 2024 11:34 PM
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CISA KEV 警告 24/10/17:Veeam の RCE 脆弱性 CVE-2024-40711 を追加 https://t.co/wCgeHlDoc1 #Akira #BOD #CISA #KEV #Exploit #Fog #Government #PoC #Ransomware #RC #VBR #Veeam #Vulnerability
@iototsecnews
Oct 29, 2024 1:14 AM
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Veeam vuln exploited in ransomware! CVE-2024-40711 allows remote code execution. Patch now! Discuss how you're securing backups. #CyberSecurity #Veeam #Ransomware https://t.co/isQZwLXucE
@OffenseLogic
Oct 28, 2024 4:30 AM
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#Vulnerability #CVE202440711 PoC Exploit Releases for Unauthenticated RCE CVE-2024-40711 in Veeam Backup & Replication https://t.co/Ni6TXX3yVa
@Komodosec
Oct 25, 2024 6:06 PM
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-30088 is getting exploited #inthewild. Find out more at https://t.co/QiT95nLyZp CVE-2021-4444 is getting exploited #inthewild. Find out more at https://t.co/uq5M6rwnfk CVE-2024-40711 is getting exploited #inthewild. Find out more at https://t.co/T1KmDbBwqH
@inthewildio
Oct 23, 2024 7:51 AM
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-40711
@transilienceai
Oct 23, 2024 1:16 AM
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Veeam Backup & Replication のRCE脆弱性 CVE-2024-40711 CVSS 9.8 Critical CISAは既知の脆弱性悪用カタログに含めました。既に悪用が確認されています。 対策:バージョン 12.2(ビルド12.2.0.334)にアップデートして下さい。 https://t.co/U0LtFnR1hO
@t_nihonmatsu
Oct 22, 2024 5:02 PM
185 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 3.0
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Known exploits
Data from CISA
- Vulnerability name
- Veeam Backup and Replication Deserialization Vulnerability
- Exploit added on
- Oct 17, 2024
- Exploit action due
- Nov 7, 2024
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veeam:veeam_backup_\\&_replication:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E3AD538F-6D77-4528-9BD8-C06E1CD65354",
"versionEndExcluding": "12.2.0.334",
"versionStartIncluding": "12.0.0.1420"
}
],
"operator": "OR"
}
]
}
]