CVE-2024-40711

Published Sep 7, 2024

Last updated a month ago

Overview

Description
A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE).
Source
support@hackerone.com
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

CVSS 3.0

Type
Secondary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Known exploits

Data from CISA

Vulnerability name
Veeam Backup and Replication Deserialization Vulnerability
Exploit added on
Oct 17, 2024
Exploit action due
Nov 7, 2024
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Weaknesses

nvd@nist.gov
CWE-502
134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-502

Social media

Hype score
Not currently trending
  1. Actively exploited CVE : CVE-2024-40711

    @transilienceai

    23 Nov 2024

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  2. Actively exploited CVE : CVE-2024-40711

    @transilienceai

    20 Nov 2024

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  3. Actively exploited CVE : CVE-2024-40711

    @transilienceai

    17 Nov 2024

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  4. A vulnerability with the identifier CVE-2024-40711 was published for Veeam Backup & Replication. As we have said before, after a vulnerability is published, malware, especially ransomware, uses that vulnerability to gain initial access to victims' systems. https://t.co/Y2P1U3epiq

    @AmirHossein_sec

    13 Nov 2024

    24 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 🚨 Threat Campaign Alert - STAC 5881 Threat Cluster Deploys New 'Frag' Ransomware via Veeam Vulnerability CVE-2024-40711 🚨 Summary: STAC 5881 threat cluster exploit Veeam flaw (CVE-2024-40711) to deploy new ransomware "Frag," adding to their arsenal of Akira and Fog. Attackers

    @CyberxtronTech

    12 Nov 2024

    57 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. #DOYOUKNOWCVE Frag Ransomware Targets Veeam Vulnerability! CVE-2024-40711: Is a critical Remote Code Execution vulnerability in Veeam Backup & Replication software. This flaw stems from the insecure deserialization of untrusted data, which allows unauthenticated attackers to

    @Loginsoft_Inc

    11 Nov 2024

    58 Impressions

    1 Retweet

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Last month, Sophos X-Ops reported several MDR cases where threat actors exploited a vulnerability in Veeam backup servers. We continue to track the activities of this threat cluster, which recently included deployment of a new ransomware. The vulnerability, CVE-2024-40711, was

    @cybertzar

    11 Nov 2024

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Actively exploited CVE : CVE-2024-40711

    @transilienceai

    10 Nov 2024

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  9. Actively exploited CVE : CVE-2024-40711

    @transilienceai

    8 Nov 2024

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  10. Actively exploited CVE : CVE-2024-40711

    @transilienceai

    5 Nov 2024

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  11. Actively exploited CVE : CVE-2024-40711

    @transilienceai

    30 Oct 2024

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  12. #ThreatProtection #CVE-2024-40711 - #Veeam Backup and Replication deserialization #vulnerability exploited by #ransomware actors, read more about Symantec's protection: https://t.co/0yQUPhFWC8

    @threatintel

    30 Oct 2024

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. Actively exploited CVE : CVE-2024-40711

    @transilienceai

    29 Oct 2024

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  14. CISA KEV alert 24/10/17: Veeam RCE vulnerability CVE-2024-40711 added https://t.co/wCgeHlDoc1 #Akira #BOD #CISA #KEV #Exploit #Fog #Government #PoC #Ransomware #RC #VBR #Veeam #Vulnerability

    @iototsecnews

    29 Oct 2024

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. 🚨 Veeam vuln exploited in ransomware! CVE-2024-40711 allows remote code execution. Patch now! Discuss how you're securing backups. #CyberSecurity #Veeam #Ransomware https://t.co/isQZwLXucE

    @OffenseLogic

    28 Oct 2024

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. #Vulnerability #CVE202440711 PoC Exploit Releases for Unauthenticated RCE CVE-2024-40711 in Veeam Backup & Replication https://t.co/Ni6TXX3yVa

    @Komodosec

    25 Oct 2024

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. CVE-2024-30088 is getting exploited #inthewild. Find out more at https://t.co/QiT95nLyZp CVE-2021-4444 is getting exploited #inthewild. Find out more at https://t.co/uq5M6rwnfk CVE-2024-40711 is getting exploited #inthewild. Find out more at https://t.co/T1KmDbBwqH

    @inthewildio

    23 Oct 2024

    40 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. Actively exploited CVE : CVE-2024-40711

    @transilienceai

    23 Oct 2024

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

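  19. RCE vulnerability in Veeam Backup & Replication, CVE-2024-40711, CVSS 9.8 Critical. CISA has included it in its Known Exploited Vulnerabilities Catalog. Exploitation has already been confirmed. Mitigation: update to version 12.2 (build 12.2.0.334). https://t.co/U0LtFnR1hO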

    @t_nihonmatsu

    22 Oct 2024

    185 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. Veeam users beware! A critical vulnerability (CVE-2024-40711) was exploited to deploy ransomware. Patch your Veeam Backup & Replication now. #Veeam #Security #Ransomware https://t.co/D2SUeQGmR6

    @mmurphy2514

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. The CVE-2024-40711 project explores a critical vulnerability affecting Veeam Backup & Replication https://t.co/JrzursiKVz #Informatica #SeguridadInformatica

    @f3nixh4ck

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. Veeam Products Vulnerability Exposed: Ransomware Gangs Exploit CVE-2024-40711 Veeam Backup & Replication products are facing a severe vulnerability exploited by ransomware gangs. Find out how Patch 12.2 offers a solution to this critical issue, securing your backup systems.…

    @DavidGurcan

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. CISA added Veeam Backup CVE-2024-40711 to its KEV Catalog #CISAKEV #VeeamBackup #CVE-2024-40711 https://t.co/gyLbsYUWea

    @pravin_karthik

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2024-40711 #Veeam Backup and Replication Deserialization Vulnerability https://t.co/UV2aAf3haq

    @ScyScan

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations