
Veeam vulnerability could open door to attacks, groups warn

“Fortunately for IT security admins, all of the Backup & Replication vulnerabilities appear to have been resolved in a single update,” one expert says.

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

Software recovery company Veeam has a series of vulnerabilities that could open the door to exploits, prominent cybersecurity firms revealed in September.

According to a Rapid7 post on September 9, Veeam has a number of Common Vulnerabilities and Exposures—CVEs—that could be exploited by bad actors. In a blog post, Rapid7 detailed the concerns while making clear that, thus far, there is no evidence of bad actors taking advantage of the vulnerabilities.

“It is possible that one or more of these vulnerabilities may be used to facilitate extortion attacks,” the firm wrote. “More than 20% of Rapid7 incident response cases in 2024 so far have involved Veeam being accessed or exploited in some manner, typically once an adversary has already established a foothold in the target environment.”

Target identified. Rapid7’s report singled out CVE-2024-40711, an unauthenticated remote code execution vulnerability that affects Veeam’s proprietary backup and replication system. The vulnerability was initially detected by Florian Hauser of CODE WHITE, and listed by Veeam as “critical.”

Threat surface management company Censys, in a September 6 post about the vulnerability, warned that cybercriminals could use CVE-2024-40711 “to gain full control of a system, manipulate data, and potentially move laterally within a network, making it a relatively high-value target for threat actors.”

“This vulnerability is particularly concerning because it’s likely to be exploited by ransomware operators to compromise backup systems and potentially create double-extortion scenarios,” the company added in its post.

There were five other vulnerabilities in the report, including 40713, which would allow low-level users to change multi-factor authentication settings, and 39718, allowing users without high-level credentials to remove files from the system.

Checklist. Caitlin Condon, Rapid7 director of vulnerability intelligence, told IT Brew in a statement through a PR rep that she is worried about the potential for attackers to leverage Veeam CVEs.

“The sensitive data the application houses is a real boon to ransomware and extortion groups, and we’ve seen past Veeam Backup & Replication vulnerabilities leveraged in long-tailed ransomware attacks,” Condon wrote.

Veeam users should update their systems as soon as possible, Rapid7 recommended in its blog post—and Condon echoed that advice.

“Fortunately for IT security admins, all of the Backup & Replication vulnerabilities appear to have been resolved in a single update, which may help with timely remediation,” Condon wrote.
