
September 6, 2024

Veeam patches 18 high and critical severity vulnerabilities


Veeam has released updates to address 18 high- and critical-severity vulnerabilities in its Backup & Replication (VBR), Service Provider Console, and ONE products. All of the updates were released simultaneously as part of a single September 2024 security bulletin.

Among the vulnerabilities being addressed is CVE-2024-40711, a critical flaw found in VBR, which is used by organizations to manage and secure their backup infrastructure. The flaw can be exploited by unauthenticated threat actors to achieve remote code execution (RCE).

VBR has historically been a prime target for ransomware actors: compromising it lets them steal backup data for extortion or encrypt the backups themselves, which limits victims' recovery options and increases the likelihood of a ransom payment.

Veeam also released updates for five high-severity vulnerabilities in VBR that could allow path traversal, credential interception, and file removal, amongst other malicious activities if left unpatched.

In addition to VBR, Veeam used its September bulletin to patch flaws in its Service Provider Console and ONE products, including several vulnerabilities that could lead to RCE.

Veeam hasn't indicated whether any of the patched vulnerabilities have been actively exploited, or whether proof-of-concept exploit code is publicly available. The company recommends that users install the updates as soon as possible.

Source: Bleeping Computer

Analysis

While Veeam hasn’t indicated if it is aware of active exploitation, it’s likely only a matter of time before threat actors begin targeting CVE-2024-40711 specifically. In 2023, a similar vulnerability in VBR, designated CVE-2023-27532, was quickly exploited by financially motivated and ransomware actors, despite a patch being available. Several months later, Cuba ransomware affiliates used the same vulnerability in attacks targeting U.S. critical infrastructure and IT companies based in Latin America.

Considering the abuse of CVE-2023-27532, users should update their VBR instances as soon as possible to minimize threat actors’ chances of exploiting CVE-2024-40711.

Mitigation

Field Effect's Security Intelligence professionals constantly monitor the cyber threat landscape for vulnerabilities discovered in widely deployed enterprise software such as Veeam Backup & Replication. Field Effect MDR users are automatically notified if vulnerable software is detected in their environment and are encouraged to review these AROs as quickly as possible via the Field Effect Portal.

Field Effect strongly recommends users of the affected Veeam products update to the latest version as soon as possible, in accordance with the advisory.
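One way to verify that advice across a fleet is to read the installed VBR build on each backup server and compare it with the fixed build from Veeam's bulletin. The script below is an added example, not code from Field Effect or Veeam. It assumes the registry key and CorePath value, and the binary names it reads the version from; the minimum build is not hard-coded, because the page does not list it, so pass the fixed build number from Veeam's September 2024 bulletin as a parameter.

```powershell
# Added example: report whether the local Veeam Backup & Replication install
# is at or above a given build. Not Veeam's or Field Effect's code.
# Assumptions (labelled): the registry path and value name below, and the
# binary names used to read the file version. The fixed build is supplied by
# the caller from Veeam's September 2024 security bulletin.

function Get-VbrBuild {
    # Assumption: VBR records its install directory in this key/value.
    $regPath = 'HKLM:\SOFTWARE\Veeam\Veeam Backup and Replication'
    $corePath = (Get-ItemProperty -Path $regPath -ErrorAction Stop).CorePath
    if (-not $corePath) {
        throw "CorePath not found under $regPath; is VBR installed on this host?"
    }

    # Assumption: either of these binaries carries the product build number.
    foreach ($name in 'Veeam.Backup.Manager.exe', 'Veeam.Backup.Core.dll') {
        $candidate = Join-Path $corePath $name
        if (Test-Path $candidate) {
            $vi = (Get-Item $candidate).VersionInfo
            # Build the version from the numeric parts so trailing text in
            # FileVersion (if any) cannot break the [version] cast.
            return [version]('{0}.{1}.{2}.{3}' -f $vi.FileMajorPart,
                                                  $vi.FileMinorPart,
                                                  $vi.FileBuildPart,
                                                  $vi.FilePrivatePart)
        }
    }
    throw "No Veeam binary found under $corePath"
}

function Test-VbrPatched {
    param(
        # Fixed build for CVE-2024-40711, taken from Veeam's bulletin.
        [Parameter(Mandatory)][version]$MinimumBuild
    )
    $build = Get-VbrBuild
    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Build        = $build
        MinimumBuild = $MinimumBuild
        Patched      = ($build -ge $MinimumBuild)
    }
}

# Usage on one host (replace the placeholder with the build from the bulletin):
#   Test-VbrPatched -MinimumBuild '<fixed build from Veeam bulletin>'
#
# Across several backup servers, run the same functions remotely and keep
# only the hosts that still need the update:
#   $servers = 'vbr01', 'vbr02'   # constructed sample host names
#   Invoke-Command -ComputerName $servers -ScriptBlock {
#       param($min)
#       ${function:Get-VbrBuild} = $using:function:Get-VbrBuild
#       ${function:Test-VbrPatched} = $using:function:Test-VbrPatched
#       Test-VbrPatched -MinimumBuild $min
#   } -ArgumentList '<fixed build from Veeam bulletin>' |
#       Where-Object { -not $_.Patched }
```

The comparison is done on the four-part file version rather than on the product name or the Add/Remove Programs entry, because the vulnerable and fixed releases can share a marketing version while differing only in the build number; Help > About in the VBR console shows the same build if you want to confirm a single host by hand.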
