{"id":5385,"date":"2024-09-19T14:57:21","date_gmt":"2024-09-19T19:57:21","guid":{"rendered":"https:\/\/www.darkreading.com\/application-security\/poc-exploit-for-rce-flaw-but-patches-from-veeam"},"modified":"2024-09-19T14:57:21","modified_gmt":"2024-09-19T19:57:21","slug":"1-poc-exploit-for-critical-rce-flaw-but-2-patches-from-veeam","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/09\/19\/1-poc-exploit-for-critical-rce-flaw-but-2-patches-from-veeam\/","title":{"rendered":"1 PoC Exploit for Critical RCE Flaw, But 2 Patches from Veeam"},"content":{"rendered":"<div class=\"media_block\"><a href=\"https:\/\/i0.wp.com\/eu-images.contentstack.com\/v3\/assets\/blt6d90778a997de1cd\/blt9cd429d4d9f15920\/66ec73c2a0d62e6470761c4d\/veeam1800_Postmodern_Studio_alamy.jpg?ssl=1\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/1-poc-exploit-for-critical-rce-flaw-but-2-patches-from-veeam.jpg?w=640&#038;ssl=1\" class=\"media_thumbnail\"><\/a><\/div>\n<div><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/1-poc-exploit-for-critical-rce-flaw-but-2-patches-from-veeam.jpg?w=640&#038;ssl=1\" class=\"ff-og-image-inserted\"><\/div>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">A researcher has released a <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_blank\" href=\"https:\/\/labs.watchtowr.com\/veeam-backup-response-rce-with-auth-but-mostly-without-auth-cve-2024-40711-2\/\" rel=\"noopener\">proof-of-concept (PoC) exploit<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"> and analysis for a critical 
vulnerability, tracked as CVE-2024-40711, in Veeam&#8217;s backup and replication software.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">As an unauthenticated remote code execution (RCE) flaw, the vulnerability has a CVSS score of 9.8 and threatens environments that are running versions 12.1.2.172 and below.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Initially reported for its high potential for exploitation, the vulnerability involves an aging communication mechanism that leaves the software vulnerable to deserialization attacks. It also has an exploitation path that enables threat actors to create malicious payloads that bypass <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_blank\" href=\"https:\/\/www.darkreading.com\/endpoint-security\/akira-ransomware-lightning-fast-data-exfiltration-2-hours\" rel=\"noopener\">the protective measures Veeam<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"> has put in place.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">While assessing the vulnerability, the security teams discovered 1,900 file modifications, 700 of which were deemed non-security related, indicating that Veeam&#8217;s patching process went beyond just CVE-2024-40711 and likely involved addressing a variety of other security flaws as well.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span 
class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Veeam released two recommendations to address different components of the vulnerability. The first patch, version 12.1.2.172, made it so that low-level credentials were still required in order for threat actors to exploit the vulnerability. The second patch, version 12.2.0.334, fully resolves the flaw. It&#8217;s possible that the vulnerability was more severe than Veeam initially let on, and that the first patch did not fully mitigate the RCE threat, leaving systems exposed and prompting a second attempt to patch.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Dark Reading has contacted Veeam for more information about its approach.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">In the meantime, it&#8217;s recommended that enterprises apply the latest patch as soon as possible, since a PoC exploit for the vulnerability has been made publicly available on GitHub, giving attackers tools to launch their next attacks.&nbsp;<\/span><\/p>\n<p><a href=\"https:\/\/www.darkreading.com\/application-security\/poc-exploit-for-rce-flaw-but-patches-from-veeam\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A researcher has released a proof-of-concept (PoC) exploit and 
analysis<\/p>\n","protected":false},"author":12,"featured_media":5386,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[809],"class_list":["post-5385","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-dark-reading"],"featured_image_urls":{"full":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/1-poc-exploit-for-critical-rce-flaw-but-2-patches-from-veeam-scaled.jpg?fit=2560%2C1440&ssl=1",2560,1440,false],"thumbnail":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/1-poc-exploit-for-critical-rce-flaw-but-2-patches-from-veeam-scaled.jpg?resize=150%2C150&ssl=1",150,150,true],"medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/1-poc-exploit-for-critical-rce-flaw-but-2-patches-from-veeam-scaled.jpg?fit=300%2C169&ssl=1",300,169,true],"medium_large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/1-poc-exploit-for-critical-rce-flaw-but-2-patches-from-veeam-scaled.jpg?fit=640%2C360&ssl=1",640,360,true],"large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/1-poc-exploit-for-critical-rce-flaw-but-2-patches-from-veeam-scaled.jpg?fit=640%2C360&ssl=1",640,360,true],"1536x1536":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/1-poc-exploit-for-critical-rce-flaw-but-2-patches-from-veeam-scaled.jpg?fit=1536%2C864&ssl=1",1536,864,true],"2048x2048":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/1-poc-exploit-for-critical-rce-flaw-but-2-patches-from-veeam-scaled.jpg?fit=2048%2C1152&ssl=1",2048,1152,true],"chromenews-featured":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/1-poc-exploit-for-critical-rce-flaw-but-2-patches-from-veeam-scaled.jpg?fit=1024%2C576&ssl=1",1024,576,true],"chromenews-large":[
"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/1-poc-exploit-for-critical-rce-flaw-but-2-patches-from-veeam-scaled.jpg?resize=825%2C575&ssl=1",825,575,true],"chromenews-medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/1-poc-exploit-for-critical-rce-flaw-but-2-patches-from-veeam-scaled.jpg?resize=590%2C410&ssl=1",590,410,true]},"author_info":{"display_name":"Dark Reading","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/darkreading\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","jetpack_featured_media_url":"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/1-poc-exploit-for-critical-rce-flaw-but-2-patches-from-veeam-scaled.jpg?fit=2560%2C1440&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/5385","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=5385"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/5385\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media\/5386"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=5385"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=5385"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/t
ags?post=5385"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}