CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2024-40711

CVSS 9.8v3.1pub. 2024-09-07upd. 2025-10-30

A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE).

🤖 AI Analysis
How it works

The vulnerability results from unsafe deserialization of untrusted data (CWE-502). An attacker sends a specially crafted payload over the network, which is deserialized by the application without prior authentication. The process of deserializing malicious data leads to the execution of arbitrary code in the context of the application.

Impact

An attacker without any credentials can remotely execute arbitrary code on the server, which in practice means complete takeover of the system, including the ability to steal data, install backdoors, and conduct further lateral movement in the network.

Mitigation & patch

Patches available from the vendor must be applied immediately in accordance with the official Veeam support article (kb4649). Due to active exploitation of the vulnerability, the update should be performed without delay.

Who is affected

Veeam Backup & Replication — versions indicated in the vendor's references (see: veeam.com/kb4649)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Veeam Backup \& Replication

    APP
    Veeam
    12.0.0.1420 – 12.2.0.334 (bez)

CISA KEV — detailsi

Vendori
Veeam
Producti
Backup & Replication
Added to KEVi
October 17, 2024
Remediation deadline (US Federal)i
November 7, 2024(overdue)
Ransomwarei
Active ransomware campaigns exploit this vulnerability
Required action (CISA)i

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

CISA descriptioni

Veeam Backup and Replication contains a deserialization vulnerability allowing an unauthenticated user to perform remote code execution.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
☠️WYKORZYSTYWANE W RANSOMWARECISA DEADLINE: 7 listopada 2024
Tags
RCEDeserialization
CWE
References

Related vulnerabilities

CVE-2022-26501CRITICAL9.8⚠ KEVten sam produkt

Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2).

CVE-2026-21669CRITICAL9.9PL ✓ten sam produkt

RCE w Veeam Backup & Replication dla uwierzytelnionych użytkowników domenowych

CVE-2026-21666CRITICAL9.9PL ✓ten sam produkt

RCE dla uwierzytelnionego użytkownika domenowego w Veeam Backup & Replication

CVE-2026-21667CRITICAL9.9PL ✓ten sam produkt

RCE w Veeam Backup & Replication dla uwierzytelnionego użytkownika domenowego

CVE-2026-21671CRITICAL9.1PL ✓ten sam produkt

RCE dla administratora kopii zapasowych w Veeam Backup & Replication (HA)