Veeam has disclosed two critical vulnerabilities that pose significant risks to users of its Backup and Replication software and ONE Agent. These flaws, tracked as CVE-2024-40711 and CVE-2024-42024, could allow remote attackers (in the first case without any authentication) to execute arbitrary code, putting affected systems at risk.
CVE-2024-40711 – Veeam Backup and Replication (CVSS: 9.8)
This critical vulnerability, present in Veeam Backup and Replication versions 12.1.2.172 and earlier, allows remote code execution (RCE) via a deserialisation of untrusted data. Attackers can send a malicious payload to vulnerable systems without authentication, enabling them to execute arbitrary code. Veeam advises users to update to the latest patched version to mitigate this issue.
CVE-2024-42024 – Veeam ONE Agent (CVSS: 9.1)
CVE-2024-42024 affects Veeam ONE Agent versions 12.1.0.3208 and earlier. This flaw allows attackers who possess the Veeam ONE Agent service account credentials to execute remote code on the machine where the agent is installed. Organisations using affected versions should update immediately to prevent exploitation.
Recommendations:
Veeam Backup and Replication users: Apply the latest patch to address CVE-2024-40711.
Veeam ONE Agent users: Ensure systems are updated to secure against CVE-2024-42024.
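As an added example (not part of this advisory or of Veeam's own tooling), the following Python helper applies the affected-version thresholds above to a constructed inventory, so an operator can see which hosts still need the patch. Host names and the newer build numbers in the sample are assumed values, and product names are matched as plain strings.

```python
# Thresholds from the advisory: these versions and EARLIER are affected.
# Assumption: versions are four-component numeric strings as Veeam reports them.
AFFECTED_MAX = {
    "CVE-2024-40711": ("Veeam Backup and Replication", (12, 1, 2, 172)),
    "CVE-2024-42024": ("Veeam ONE Agent", (12, 1, 0, 3208)),
}


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '12.1.2.172' into (12, 1, 2, 172).

    Numeric comparison matters: as plain strings '12.1.10.0' sorts before
    '12.1.2.172' and a newer build would be wrongly flagged as vulnerable.
    """
    parts = tuple(int(p) for p in text.strip().split("."))
    # Pad short strings so '12.1' compares as (12, 1, 0, 0).
    return parts + (0,) * (4 - len(parts))


def affected_cves(product: str, version: str) -> list[str]:
    """Return the CVE ids from the advisory that apply to this product/version."""
    v = parse_version(version)
    return [
        cve
        for cve, (name, max_bad) in AFFECTED_MAX.items()
        if name == product and v <= max_bad
    ]


def triage(inventory: list[tuple[str, str, str]]) -> dict[str, list[str]]:
    """Map host -> applicable CVEs (an empty list means no patch is needed)."""
    return {host: affected_cves(product, ver) for host, product, ver in inventory}


# Constructed sample inventory; host names and the higher build numbers are made up.
SAMPLE_INVENTORY = [
    ("vbr-01", "Veeam Backup and Replication", "12.1.2.172"),  # last affected build
    ("vbr-02", "Veeam Backup and Replication", "12.1.10.0"),   # hypothetical newer build
    ("one-01", "Veeam ONE Agent", "12.1.0.3208"),              # last affected build
    ("one-02", "Veeam ONE Agent", "12.0.1.100"),               # older, still affected
]

if __name__ == "__main__":
    for host, cves in triage(SAMPLE_INVENTORY).items():
        print(host, "->", ", ".join(cves) if cves else "not affected")
```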
Further information and update links can be found below:
These vulnerabilities are not currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, and there is no evidence they are being exploited by ransomware operators. However, due to the severity of these issues, it is crucial for organisations to patch their systems as soon as possible.
If you would like to discover how Secora Consulting can assist you in keeping your business secure, please get in touch by filling out the form below 👇.