CVE-2024-40717
CVSS 3.0 Score 8.8 of 10 (high)
Details
Published Dec 4, 2024
Summary
CVE-2024-40717 is a newly identified vulnerability affecting Veeam Backup & Replication software. It allows a low-privileged user with specific roles to execute code remotely on the server by updating existing jobs. Pre- and post-scripts for these jobs, which can be hosted on a network share, are executed with elevated privileges by default. A user can update a job and schedule it to run almost instantly, resulting in arbitrary code execution on the vulnerable server.
Affected Products
- Veeam Backup & Replication
Affected Vendors
- Veeam