CVE-2024-40717

CVSS 3.0 Score 8.8 of 10 (high)

Details

Published Dec 4, 2024

Summary

CVE-2024-40717 is a newly identified vulnerability affecting Veeam Backup & Replication software. It allows a low-privileged user with specific roles to execute code remotely on the server by updating existing jobs. Pre- and post-scripts for these jobs, which can be hosted on a network share, are executed with elevated privileges by default. A user can modify a job and schedule it to run almost instantly, resulting in arbitrary code execution on the vulnerable server.

Affected Products

  • Veeam Backup & Replication

Affected Vendors

  • Veeam