Patch Alert Issued for Veeam Backup & Replication Software
Expect Ransomware Groups to Abuse Critical-Severity Bug to Steal Data, Experts Warn
Security experts are urging all Veeam Backup & Replication software users to immediately update their software to patch a critical, remotely exploitable flaw.
Veeam first disclosed the vulnerability, tracked as CVE-2024-40711, on Thursday, when it released patches to fix 18 vulnerabilities across its product line, including five critical flaws, so designated because they can be remotely exploited to execute arbitrary code.
The update for the widely used Veeam Backup & Replication fixes flaws present in version 12.1.2.172 of the software and all earlier version 12 builds. The software is used for backup and recovery across cloud, virtual and physical IT environments and works directly with such operating systems and environments as AWS, Azure, Google Cloud, Oracle, SAP HANA and Broadcom's VMware.
The company warned that no-longer-supported versions of Veeam Backup & Replication, such as version 11, for which support ceased in February, "are not tested, but are likely affected and should be considered vulnerable."
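A small triage helper, added here as an example and not Veeam's own code, that classifies Backup & Replication build numbers against the affected range described above (12.1.2.172 and all earlier 12.x builds affected; unsupported version 11 treated as vulnerable). It assumes that any 12.x build newer than 12.1.2.172 is the vendor's fixed release, which the article does not name, and the host names and builds in the sample inventory are constructed.

```python
# Added triage helper, not Veeam's code. Classifies a Backup & Replication
# build against the affected range the advisory describes: 12.1.2.172 and all
# earlier 12.x builds are affected, and unsupported version 11 should be
# treated as vulnerable. Assumption: any 12.x build newer than 12.1.2.172 is
# the vendor's fixed release (the article does not name it), so it is
# reported as "patched"; confirm that against the vendor advisory.
from __future__ import annotations

LAST_AFFECTED_12 = (12, 1, 2, 172)  # highest 12.x build listed as affected


def parse_version(s: str) -> tuple[int, ...]:
    """Turn '12.1.2.172' into (12, 1, 2, 172) for numeric comparison.

    A string compare would rank '12.1.2.99' above '12.1.2.172'; tuples do not.
    """
    parts = s.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version string: {s!r}")
    return tuple(int(p) for p in parts)


def _pad(v: tuple[int, ...], n: int) -> tuple[int, ...]:
    """Right-pad with zeros so '12.1' compares as '12.1.0.0'."""
    return v + (0,) * (n - len(v))


def assess(version: str) -> str:
    """Return 'vulnerable', 'patched' or 'unsupported-assume-vulnerable'."""
    v = parse_version(version)
    if v[0] < 12:
        # Version 11 and older: out of support, untested, treat as vulnerable.
        return "unsupported-assume-vulnerable"
    if v[0] == 12:
        n = max(len(v), len(LAST_AFFECTED_12))
        if _pad(v, n) <= _pad(LAST_AFFECTED_12, n):
            return "vulnerable"
    return "patched"  # assumption noted above: newer build carries the fix


def triage(inventory: dict[str, str]) -> dict[str, str]:
    """Map host name -> status for an inventory of server version strings."""
    return {host: assess(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; host names and builds are made up.
    sample = {"vbr-a": "12.1.2.172", "vbr-b": "12.0.0.100",
              "vbr-c": "11.0.1.50", "vbr-d": "12.9.0.1"}
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```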
Attackers can exploit CVE-2024-40711 to remotely execute code on a Veeam Backup & Replication server without having to first authenticate to the server. The vendor rated the flaw 9.8 on the 10-point CVSS scale and credited its discovery to researcher Florian Hauser at cybersecurity service provider Code White.
The company said the flaw could be used to facilitate "full system takeover" and that it would not be immediately releasing any technical details about the vulnerability "because this might immediately be abused by ransomware gangs."
Four other flaws patched via the Thursday update to Veeam Backup & Replication are rated as high-severity because exploiting them requires an attacker to first obtain a low-privileged role in the software or to have already gained access to the network.
Other updates released Thursday by Veeam address vulnerabilities in its software agent for Linux, ONE software for managing virtual and data protection environments and Service Provider Console software for managing Backup & Replication software workloads, as well as its backup software for the Nutanix AHV virtualization platform, Oracle Linux Virtualization Manager and Red Hat Virtualization products.
Attack surface management and threat hunting platform Censys said CVE-2024-40711 is particularly concerning because the vulnerability can be exploited "to gain full control of a system, manipulate data and potentially move laterally within a network, making it a relatively high-value target for threat actors."
Whether the vulnerability is already being actively exploited via in-the-wild attacks isn't clear. Even so, Censys said "its potential for extracting large volumes of data and enabling lateral movement within networks suggests it could become a target for ransomware attacks."
By exploiting the flaw, criminals could steal backup data and hold it to ransom, as well as crypto-lock the backup environment, fueling double-extortion shakedowns.
Ransomware and cybercrime groups have previously targeted known vulnerabilities in Veeam Backup & Replication, including CVE-2023-27532, which Veeam patched in March 2023. Attackers could exploit that flaw to steal encrypted credentials, allowing them to gain unauthorized access to the software and potentially pivot to other parts of the network, researchers warned.
Cybersecurity firm Group-IB reported in July that groups such as EstateRansomware appear to have begun targeting CVE-2023-27532 just weeks after its public disclosure.
Other groups targeting that flaw have included such ransomware operations as Cuba and Akira, and the cybercrime group FIN7, which has been linked to ransomware groups such as BlackBasta, as well as other ransomware groups (see: Feds Warn of Rise in Attacks Involving Veeam Software Flaw).
Last August, the U.S. Cybersecurity and Infrastructure Security Agency added CVE-2023-27532 to its Known Exploited Vulnerabilities catalog.