iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Cyber security firm Rapid7 has advised users of recovery software provider Veeam that some of the company’s products contain vulnerabilities.
Referring to Veeam’s September security bulletin, six vulnerabilities were identified with the company’s popular Backup & Replication (VBR) solution, which allows enterprises to back up and restore backups of physical machines, cloud-based workloads, and virtual environments.
Most notable is CVE-2024-40711, which affects VBR version 12.1.2.172 and is a “critical unauthenticated remote code execution issue” that could allow a threat actor to gain complete control of a system and access and manipulate the data within it.
The vulnerability has a CVSS score of 9.8 but has been classed as “high” rather than “critical”, which “confirms exploitation is fully unauthenticated”, according to Rapid7.
“While CVE-2024-40711 has received attention from security media and community members, we are not aware of any known exploitation as of Monday, September 9, 2024,” it said.
In addition, five other vulnerabilities with VBR were disclosed, including those that would allow for remote removal of files from the system (CVE-2024-39718), allowing low privilege roles to change multifactor authentication (MFA) settings (CVE-2024-40713) and more.
“Veeam Backup and Replication customers should update to the latest version of the software immediately, without waiting for a regular patch cycle to occur,” Rapid7 said.
While, as previously mentioned, there is no evidence to suggest CVE-2024-40711 has been exploited in the wild, vulnerabilities with Veeam software have been exploited by threat actors in the past, including ransomware groups.
“More than 20 per cent of Rapid7 incident response cases in 2024 so far have involved Veeam being accessed or exploited in some manner, typically once an adversary has already established a foothold in the target environment,” Rapid7 said.
Be the first to hear the latest developments in the cyber industry.
