AI description
CVE-2024-40711 is a critical unauthenticated Remote Code Execution (RCE) vulnerability affecting Veeam Backup & Replication software. It stems from a deserialization of untrusted data, which, when exploited with a malicious payload, allows attackers to execute arbitrary code remotely without needing authentication. This poses a significant risk to organizations relying on Veeam for their backup and data protection strategies. The vulnerability affects Veeam Backup & Replication version 12.1.2.172 and all earlier versions. A successful exploit could grant an attacker full control of the system, enabling them to manipulate data and move laterally within the network. Veeam has released a security patch in version 12.2.0.334 to address this vulnerability, and users are strongly advised to upgrade their systems.
- Description
- A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE).
- Source
- support@hackerone.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 3.0
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- Veeam Backup and Replication Deserialization Vulnerability
- Exploit added on
- Oct 17, 2024
- Exploit action due
- Nov 7, 2024
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Hype score
- Not currently trending
Our crew members @mwulftange & @frycos discovered & responsibly disclosed several new RCE gadgets that bypass #Veeam's blacklist for CVE-2024-40711 & CVE-2025-23120 as well as further entry points following @SinSinology & @chudyPB's blog. Don’t blacklist, replace
@codewhitesec
28 Mar 2025
4737 Impressions
20 Retweets
69 Likes
12 Bookmarks
0 Replies
2 Quotes
Actively exploited CVE : CVE-2024-40711
@transilienceai
23 Nov 2024
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-40711
@transilienceai
20 Nov 2024
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-40711
@transilienceai
17 Nov 2024
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
برای Veeam Backup & Replication آسیب پذیری با کد شناسایی CVE-2024-40711 منتشر بود . همانطور که قبلا هم گفته بودیم بعد از انتشار یک آسیب پذیری بدافزارها به خصوص باج افزارها از آن آسیب پذیری برای گرفتن دسترسی اولیه به سیستم های قربانی استفاده می کنند. https://t.co/Y2P1U3epiq
@AmirHossein_sec
13 Nov 2024
24 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 Threat Campaign Alert - STAC 5881 Threat Cluster Deploys New 'Frag' Ransomware via Veeam Vulnerability CVE-2024-40711 🚨 Summary: STAC 5881 threat cluster exploit Veeam flaw (CVE-2024-40711) to deploy new ransomware "Frag," adding to their arsenal of Akira and Fog. Attackers
@CyberxtronTech
12 Nov 2024
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#DOYOUKNOWCVE Frag Ransomware Targets Veeam Vulnerability! CVE-2024-40711: Is a critical Remote Code Execution vulnerability in Veeam Backup & Replication software. This flaw stems from the insecure deserialization of untrusted data, which allows unauthenticated attackers to
@Loginsoft_Inc
11 Nov 2024
58 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Last month, Sophos X-Ops reported several MDR cases where threat actors exploited a vulnerability in Veeam backup servers. We continue to track the activities of this threat cluster, which recently included deployment of a new ransomware. The vulnerability, CVE-2024-40711, was
@cybertzar
11 Nov 2024
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-40711
@transilienceai
10 Nov 2024
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-40711
@transilienceai
8 Nov 2024
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-40711
@transilienceai
5 Nov 2024
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-40711
@transilienceai
30 Oct 2024
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
#ThreatProtection #CVE-2024-40711 - #Veeam Backup and Replication deserialization #vulnerability exploited by #ransomware actors, read more about Symantec's protection: https://t.co/0yQUPhFWC8
@threatintel
30 Oct 2024
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-40711
@transilienceai
29 Oct 2024
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CISA KEV 警告 24/10/17:Veeam の RCE 脆弱性 CVE-2024-40711 を追加 https://t.co/wCgeHlDoc1 #Akira #BOD #CISA #KEV #Exploit #Fog #Government #PoC #Ransomware #RC #VBR #Veeam #Vulnerability
@iototsecnews
29 Oct 2024
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Veeam vuln exploited in ransomware! CVE-2024-40711 allows remote code execution. Patch now! Discuss how you're securing backups. #CyberSecurity #Veeam #Ransomware https://t.co/isQZwLXucE
@OffenseLogic
28 Oct 2024
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#Vulnerability #CVE202440711 PoC Exploit Releases for Unauthenticated RCE CVE-2024-40711 in Veeam Backup & Replication https://t.co/Ni6TXX3yVa
@Komodosec
25 Oct 2024
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-30088 is getting exploited #inthewild. Find out more at https://t.co/QiT95nLyZp CVE-2021-4444 is getting exploited #inthewild. Find out more at https://t.co/uq5M6rwnfk CVE-2024-40711 is getting exploited #inthewild. Find out more at https://t.co/T1KmDbBwqH
@inthewildio
23 Oct 2024
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-40711
@transilienceai
23 Oct 2024
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Veeam Backup & Replication のRCE脆弱性 CVE-2024-40711 CVSS 9.8 Critical CISAは既知の脆弱性悪用カタログに含めました。既に悪用が確認されています。 対策:バージョン 12.2(ビルド12.2.0.334)にアップデートして下さい。 https://t.co/U0LtFnR1hO
@t_nihonmatsu
22 Oct 2024
185 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Veeam users beware! A critical vulnerability (CVE-2024-40711) was exploited to deploy ransomware. Patch your Veeam Backup & Replication now. #Veeam #Security #Ransomware https://t.co/D2SUeQGmR6
@mmurphy2514
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
El proyecto CVE-2024-40711 explora una vulnerabilidad crítica que afecta a Veeam Backup & Replication https://t.co/JrzursiKVz #Informatica #SeguridadInformatica
@f3nixh4ck
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Veeam Products Vulnerability Exposed: Ransomware Gangs Exploit CVE-2024-40711 Veeam Backup & Replication products are facing a severe vulnerability exploited by ransomware gangs. Find out how Patch 12.2 offers a solution to this critical issue, securing your backup systems.…
@DavidGurcan
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA added Veeam Backup CVE-2024-40711 to its KEV Catalog #CISAKEV #VeeamBackup #CVE-2024-40711 https://t.co/gyLbsYUWea
@pravin_karthik
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2024-40711 #Veeam Backup and Replication Deserialization Vulnerability https://t.co/UV2aAf3haq
@ScyScan
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veeam:veeam_backup_\\&_replication:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E3AD538F-6D77-4528-9BD8-C06E1CD65354",
"versionEndExcluding": "12.2.0.334",
"versionStartIncluding": "12.0.0.1420"
}
],
"operator": "OR"
}
]
}
]