U.S. CISA adds Veeam Backup and Replication flaw to its Known Exploited Vulnerabilities catalog - #CVE-2024-40711
A series of reports have highlighted a critical vulnerability in Veeam Backup & Replication software, identified as CVE-2024-40711, which has been actively exploited by ransomware groups. This vulnerability, with a CVSS score of 9.8, allows unauthenticated remote code execution and has been used to deploy ransomware such as Akira and Fog. Attackers often gain access through poorly secured VPN gateways lacking multifactor authentication, creating unauthorized local accounts to further their malicious activities, including data exfiltration. Veeam has released a patch in version 12.2 of the software to mitigate this risk, and cybersecurity agencies and researchers have emphasized the importance of immediate updates and applying security measures. Organizations are urged to adopt multifactor authentication and patch management strategies to safeguard against such exploits, given the extensive use of Veeam products worldwide and the significant impact of ransomware attacks on enterprise backup and disaster recovery systems.
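The post-exploitation pattern described above (a new local account created and then promoted to administrator, typically on the backup server itself) is something defenders can hunt for in Windows Security logs. The following is an added example written for this page; it is not code from CISA, Veeam or the cited researchers. It correlates event 4720 (user account created) with a following 4732 (member added to a security-enabled local group) targeting Administrators on the same host within a short window. The flattened log format, the host and account names, and the BACKUP_HOSTS inventory are all constructed assumptions; real 4732 events carry the member as a SID, so this assumes the export has already resolved it to a name.

```python
"""Detect new local accounts promoted to Administrators within minutes.
Added example for this page, not Veeam's or CISA's code. The log format,
host names and account names below are constructed, not real telemetry."""
import re
from datetime import datetime, timedelta

# Windows Security event IDs (documented by Microsoft).
EVENT_ACCOUNT_CREATED = 4720           # A user account was created
EVENT_LOCAL_GROUP_MEMBER_ADDED = 4732  # A member was added to a security-enabled local group

# Assumed inventory of backup infrastructure; findings there are rated higher.
BACKUP_HOSTS = frozenset({"BACKUP01"})

# Constructed sample of a flattened Security-log export:
# "<ISO timestamp> <host> <event id> key=value ..." (values may contain spaces).
SAMPLE_EVENTS = """\
2024-10-10T02:13:05 BACKUP01 4624 LogonType=10 TargetUserName=svc_veeam
2024-10-10T02:14:41 BACKUP01 4720 TargetUserName=backupadm SubjectUserName=SYSTEM
2024-10-10T02:14:43 BACKUP01 4732 MemberName=backupadm TargetUserName=Administrators SubjectUserName=SYSTEM
2024-10-10T09:30:12 FILESRV02 4720 TargetUserName=jdoe SubjectUserName=helpdesk.admin
2024-10-10T11:05:00 FILESRV02 4732 MemberName=jdoe TargetUserName=Remote Desktop Users SubjectUserName=helpdesk.admin
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<eid>\d+) (?P<rest>.*)$")
# A value runs until the next " key=" token or the end of the line, so that
# multi-word group names such as "Remote Desktop Users" survive parsing.
KV_RE = re.compile(r"(\w+)=(.*?)(?= \w+=|$)")


def parse_events(text):
    """Turn the flattened export into a list of event dicts, skipping junk lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m.group("ts")),
            "host": m.group("host"),
            "eid": int(m.group("eid")),
            **dict(KV_RE.findall(m.group("rest"))),
        })
    return events


def find_new_local_admins(text, window=timedelta(minutes=15)):
    """Pair each 4720 with a later 4732 on the same host that adds the newly
    created account to the local Administrators group within `window`.
    Returns one finding per matched pair, oldest first."""
    events = sorted(parse_events(text), key=lambda e: e["ts"])
    findings = []
    for created in (e for e in events if e["eid"] == EVENT_ACCOUNT_CREATED):
        account = created.get("TargetUserName")
        for added in events:
            if (added["eid"] == EVENT_LOCAL_GROUP_MEMBER_ADDED
                    and added["host"] == created["host"]
                    and added.get("MemberName") == account
                    and added.get("TargetUserName") == "Administrators"
                    and timedelta(0) <= added["ts"] - created["ts"] <= window):
                findings.append({
                    "host": created["host"],
                    "account": account,
                    "created_by": created.get("SubjectUserName"),
                    "seconds_to_admin": int((added["ts"] - created["ts"]).total_seconds()),
                    # Backup servers are the ransomware target here, so rate them critical.
                    "severity": "critical" if created["host"] in BACKUP_HOSTS else "high",
                })
    return findings


if __name__ == "__main__":
    for finding in find_new_local_admins(SAMPLE_EVENTS):
        print(finding)
```

Run against the constructed sample, only the BACKUP01 pair is reported: the account on FILESRV02 is added to Remote Desktop Users, not Administrators, and more than an hour later. The window is deliberately short because a legitimate onboarding rarely creates an account and grants local admin within seconds, while a scripted post-exploitation step does exactly that.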