CVE-2024-40711
9.8CRITICALA deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE).
Veröffentlicht: 9/7/2024Aktualisiert: 10/30/2025
CISA Bekannte Ausgenutzte Schwachstelle
Veeam Backup and Replication contains a deserialization vulnerability allowing an unauthenticated user to perform remote code execution.
Erforderliche Maßnahme:
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Fälligkeitsdatum:
2024-11-07
Bekannte Ransomware-Nutzung
Beschreibung
A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE).
KI-AnalyseKI-gestützt
Betroffene Produkte
veeamveeam_backup_\&_replication
Referenzen
- https://www.veeam.com/kb4649Vendor Advisory
- https://labs.watchtowr.com/veeam-backup-response-rce-with-auth-but-mostly-without-auth-cve-2024-40711-2/ExploitThird Party Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-40711US Government Resource