Share This:

Cybersecurity Threat AdvisoryThere were recently six vulnerabilities discovered in Veeam Backup and Replication. One of them is an unauthenticated remote code execution (RCE), while the other five include authenticated RCE, arbitrary file deletion, low-privileged multi-factor authentication (MFA) setting modification and MFA bypass, credential sniffing, and privilege escalation. Review the details in this Cybersecurity Threat Advisory to limit you and your customers’ impact.

What is the threat?

Backup servers are often prime targets of ransomware actors. Sensitive data often lives on it, and backups are key in remediation following a ransomware attack. All the vulnerabilities listed can be used by threat actors to destroy backups and allow them to further compromise the network and allow for easier lateral movement.

The CVEs issued include:

  • CVE-2024-39718
  • CVE-2024-40710
  • CVE-2024-40711
  • CVE-2024-40712
  • CVE-2024-40713
  • CVE-2024-40714

Why is it noteworthy?

Unauthenticated RCE vulnerabilities on a backup solution are extremely risky; backup servers often contain extremely sensitive data, and the availability of the data is critical in recovering from cyberattacks like ransomware. These vulnerabilities are very valuable to ransomware actors, and these types of vulnerabilities are perfect for a ransomware actor who is planning on exfiltrating data or destroying backups.

What is the exposure or risk?

Focusing on the highest severity vulnerability, unauthenticated RCE, the exposure is based on how accessible the Veeam backup and response server is. Further, this vulnerability has a severe impact on the confidentiality, integrity, and availability of the backups and the backup server. This could have a huge impact during attacks such as ransomware and data theft.

What are the recommendations?

Barracuda MSP recommends the following actions to limit the impact of these vulnerabilities:

  • Update Veeam Backup and Replication to the latest version.
  • Create offline backups to ensure critical data remains protected, even in case of vulnerabilities before patches are applied.

References:

For more in-depth information about the recommendations, please visit the following links:

If you have any questions about this Cybersecurity Threat Advisory, please contact Barracuda XDR’s Security Operations Center.


Share This:
Matthew Smith

Posted by Matthew Smith

Matthew is a Cybersecurity Analyst at Barracuda MSP. He supports our XDR service delivery and is highly skilled at analyzing security events to detect cyber threats, helping keep our partners and their customers protected.

Leave a reply

Your email address will not be published. Required fields are marked *