A critical vulnerability in Veeam Backup & Replication, tracked as CVE-2024-40711, is actively being exploited by ransomware groups, including Akira, Ransomhub, and Sinobi. This flaw, which allows unauthenticated remote code execution through the deserialization of untrusted data, has a CVSS score of 9.8, underscoring its severity.
The vulnerability was disclosed on September 7, 2024, and has since been added to CISA's Known Exploited Vulnerabilities (KEV) catalog as of October 17, 2024. It has been exploited in the wild within 39 days of its disclosure, highlighting the urgency for organizations to address this security gap.
Proof-of-concept exploits are publicly available, increasing the risk of widespread attacks. The exploitation of this flaw has been linked to several ransomware operations, with Akira and Fog ransomware specifically targeting Veeam systems. The exploitation of CVE-2024-40711 allows attackers to execute arbitrary code, potentially leading to data theft, system compromise, and operational disruption.
Security teams are urged to prioritize patching Veeam Backup & Replication systems to mitigate the risk of exploitation. The SSVC (Stakeholder-Specific Vulnerability Categorization) recommends immediate action due to the critical nature of this vulnerability and its known use in ransomware attacks.
CSURFACE