Veeam Vulnerability (CVE-2024-40711) Exploited by Ransomware

Summary

OEM: Veeam
Severity: Critical
Date of Announcement: 2024-10-17
CVSS Score: 9.8
CVE: CVE-2024-40711
CWE: CWE-502
Exploited in Wild: Yes
Patch/Remediation Available: Yes
Advisory Version: 1.0

Overview

Veeam Backup & Replication software has been found to contain a critical vulnerability (CVE-2024-40711) that is actively being exploited by ransomware actors to distribute Akira and Fog ransomware. This vulnerability allows remote code execution without authentication, which can result in complete system compromise. Attackers are using this security gap to establish unauthorized accounts with administrative rights and spread ransomware on systems that lack protection.

Vulnerability Name: Veeam Backup & Replication Critical Code Execution Vulnerability
CVE ID: CVE-2024-40711
Product Affected: Veeam Backup & Replication
Impact: Critical
CVSS Score: 9.8

Technical Summary

CVE ID: CVE-2024-40711

System Affected: Veeam Backup & Replication versions prior to 12.2.0.334

Vulnerability Details: CVE-2024-40711 is a deserialization of untrusted data flaw that can be exploited via a URI /trigger on port 8000. Once exploited, the vulnerability triggers Veeam.Backup.MountService.exe to create a local account named "point" with administrative and Remote Desktop User privileges. Attackers then use this access to deploy ransomware such as Akira and Fog, and in some cases, exfiltrate data using tools like Rclone.

Impact: Remote code execution, creation of unauthorized admin accounts, ransomware deployment (Akira and Fog), data exfiltration.

Recommendations

  • Update Veeam Backup & Replication to version 12.2.0.334 or later, which addresses this vulnerability.
  • Ensure VPN gateways are running supported software versions and have MFA enabled.

Threat Indicators and Monitoring

  • Look for the account “point” or similar with elevated privileges.
  • Monitor for unexpected instances of Veeam.Backup.MountService.exe creating or executing net.exe.
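
The two monitoring checks above, combined into one detection pass over process-creation events. This is an added example, not part of the advisory or of any Veeam tooling. It assumes events exported as JSON lines with Sysmon Event ID 1 style field names; the sample events, host names, placeholder paths and the inclusion of net1.exe are constructed for illustration.

```python
import json
import ntpath
import shlex

PARENT = "veeam.backup.mountservice.exe"  # parent process named in the advisory
CHILDREN = {"net.exe", "net1.exe"}        # net1.exe is an assumption (net.exe hands off to it)
KNOWN_ACCOUNT = "point"                   # account name reported in the advisory
# Constructed process-creation events (Sysmon Event ID 1 style fields); paths are placeholders.
SAMPLE_EVENTS = r"""
{"Computer":"bkp01","ParentImage":"C:\\<veeam-dir>\\Veeam.Backup.MountService.exe","Image":"C:\\Windows\\System32\\net.exe","CommandLine":"net user point <password> /add"}
{"Computer":"bkp01","ParentImage":"C:\\<veeam-dir>\\Veeam.Backup.MountService.exe","Image":"C:\\Windows\\System32\\net1.exe","CommandLine":"net1 localgroup \"Remote Desktop Users\" point /add"}
{"Computer":"ws07","ParentImage":"C:\\Windows\\System32\\cmd.exe","Image":"C:\\Windows\\System32\\net.exe","CommandLine":"net user helpdesk <password> /add"}
{"Computer":"bkp02","ParentImage":"C:\\<veeam-dir>\\Veeam.Backup.MountService.exe","Image":"C:\\Windows\\System32\\net.exe","CommandLine":"net view"}
"""

def image_name(path):
    """Lower-cased file name of a Windows path, whatever OS this script runs on."""
    return ntpath.basename(path or "").lower()

def account_change(cmdline):
    """Parse 'net user NAME ... /add' or 'net localgroup GROUP NAME /add'; None if neither."""
    try:
        tokens = [t.strip('"') for t in shlex.split(cmdline, posix=False)]
    except ValueError:  # unbalanced quotes: fall back to whitespace splitting
        tokens = cmdline.split()
    lowered = [t.lower() for t in tokens]
    if "/add" not in lowered or len(tokens) < 4:
        return None
    if lowered[1] == "user" and not tokens[2].startswith("/"):
        return ("user_add", tokens[2], None)
    if lowered[1] == "localgroup" and len(tokens) >= 5:
        return ("group_add", tokens[3], tokens[2])
    return None

def detect(lines):
    """Flag every net.exe/net1.exe launched by the Veeam mount service."""
    findings = []
    for line in filter(None, map(str.strip, lines)):
        ev = json.loads(line)
        if image_name(ev.get("ParentImage")) != PARENT or image_name(ev.get("Image")) not in CHILDREN:
            continue
        action, account, group = account_change(ev.get("CommandLine") or "") or (None, None, None)
        findings.append({"host": ev.get("Computer"), "action": action, "account": account,
                         "group": group, "known_name": (account or "").lower() == KNOWN_ACCOUNT})
    return findings

if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS.splitlines()):
        print(finding)
```

Any net.exe child of the mount service is reported, including ones that do not touch accounts, and the account name is recorded rather than required to match "point", since the name may vary.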