Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Rapid7 says 6 vulnerabilities found within Veeam Backup and Replication

Cyber security firm Rapid7 has advised users of recovery software provider Veeam that some of the company’s products contain vulnerabilities.

user icon Daniel Croft
Tue, 10 Sep 2024
Rapid7 says six vulnerabilities found within Veeam Backup and Replication
expand image

Referring to Veeam’s September security bulletin, six vulnerabilities were identified with the company’s popular Backup & Replication (VBR) solution, which allows enterprises to back up and restore backups of physical machines, cloud-based workloads, and virtual environments.

Most notable is CVE-2024-40711, which affects VBR version 12.1.2.172 and is a “critical unauthenticated remote code execution issue” that could allow a threat actor to gain complete control of a system and access and manipulate the data within it.

The vulnerability has a CVSS score of 9.8 but has been classed as “high” rather than “critical”, which “confirms exploitation is fully unauthenticated”, according to Rapid7.

============
============

“While CVE-2024-40711 has received attention from security media and community members, we are not aware of any known exploitation as of Monday, September 9, 2024,” it said.

In addition, five other vulnerabilities with VBR were disclosed, including those that would allow for remote removal of files from the system (CVE-2024-39718), allowing low privilege roles to change multifactor authentication (MFA) settings (CVE-2024-40713) and more.

“Veeam Backup and Replication customers should update to the latest version of the software immediately, without waiting for a regular patch cycle to occur,” Rapid7 said.

While, as previously mentioned, there is no evidence to suggest CVE-2024-40711 has been exploited in the wild, vulnerabilities with Veeam software have been exploited by threat actors in the past, including ransomware groups.

“More than 20 per cent of Rapid7 incident response cases in 2024 so far have involved Veeam being accessed or exploited in some manner, typically once an adversary has already established a foothold in the target environment,” Rapid7 said.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.