A critical vulnerability in Veeam Backup & Replication software has been exploited by ransomware groups Akira and Fog. This vulnerability, identified as CVE-2024-40711, allows for remote code execution (RCE) without authentication, posing a significant threat to organizations relying on Veeam’s data protection solutions.
Key Points:
Vulnerability Details:
o The flaw, discovered by security researcher Florian Hauser, stems from a deserialization of untrusted data weakness.
o It has been assigned a CVSS score of 9.8, indicating its high severity.
Exploitation by Ransomware Groups:
o Attackers have leveraged this vulnerability to gain unauthorized access to Veeam servers.
o Exploitation allows attackers to execute code remotely, without authenticating and without physical access to the server.
Target Audience:
o The attacks are primarily aimed at organizations using Veeam Backup & Replication software.
o They exploit these organizations’ reliance on Veeam’s data protection solutions, which makes them more susceptible.
Impact and Risks:
o Successful exploitation can lead to data breaches and unauthorized access to sensitive information.
o The ransomware can disrupt operations and cause significant financial and reputational damage.
Defense Strategies:
o Organizations should apply the latest security updates released by Veeam.
o Strengthening remote access defenses and monitoring for suspicious activity can help mitigate risks.