September 5, 2024 By Bill Toulas
Veeam has released security updates for several of its products as part of a single September 2024 security bulletin that addresses 18 high and critical severity flaws in Veeam Backup & Replication, Service Provider Console, and One.
The most severe of the problems addressed is CVE-2024-40711, a critical (CVSS v3.1 score: 9.8) remote code execution (RCE) vulnerability in Veeam Backup & Replication (VBR) that can be exploited without authentication.
VBR is used to manage and secure backup infrastructure for enterprises, so it plays a critical role in data protection. As it can serve as a pivot point for lateral movement, it is considered a high-value target for ransomware operators.
Ransomware actors target the service to steal backups for double-extortion and delete/encrypt backup sets, so victims are left without recovery options.
In the past, the Cuba ransomware gang and FIN7, known to collaborate with Conti, REvil, Maze, Egregor, and BlackBasta, were observed targeting VBR vulnerabilities.
The flaw, which was reported via HackerOne, impacts Veeam Backup & Replication 12.1.2.172 and all earlier versions of the 12 branch.