Known Exploited Vulnerability
9.8
CRITICAL CVSS 3.1
CVE-2024-40711
Veeam Backup and Replication Deserialization Vulnerability - [Actively Exploited]
Description

A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE).

INFO

Published Date :

Sept. 7, 2024, 5:15 p.m.

Last Modified :

Dec. 20, 2024, 4:35 p.m.

Remotely Exploit :

Yes !
CISA Notification
CISA KEV (Known Exploited Vulnerabilities)

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.

Description :

Veeam Backup and Replication contains a deserialization vulnerability allowing an unauthenticated user to perform remote code execution.

Required Action :

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Notes :

https://www.veeam.com/kb4649 ; https://nvd.nist.gov/vuln/detail/CVE-2024-40711

Affected Products

The following products are affected by CVE-2024-40711 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Veeam veeam_backup_\&_replication
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 3.0 CRITICAL [email protected]
CVSS 3.1 CRITICAL [email protected]
Solution
This information is provided by the 3rd party feeds.
  • Upgrade to Veeam Backup and Replication version 12.2.0.334 or later.
Public PoC/Exploit Available at Github

CVE-2024-40711 has a 8 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2024-40711.

URL Resource
https://www.veeam.com/kb4649 Vendor Advisory
https://labs.watchtowr.com/veeam-backup-response-rce-with-auth-but-mostly-without-auth-cve-2024-40711-2/ Exploit Third Party Advisory
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2024-40711 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2024-40711 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Defensive toolkit for auditing, hardening, and monitoring Veeam Backup & Replication against the critical .NET Remoting deserialization RCE (CVE-2024-40711). Includes PowerShell scripts for version audit & forensic log collection, Splunk/Elastic SIEM queries, and PDF runbooks for patching and incident response.

PowerShell C++ C# Java Kotlin Rust

Updated: 3 days, 4 hours ago
1 stars 0 fork 0 watcher
Born at : Aug. 31, 2025, 8:03 p.m. This repo has been linked 1 different CVEs too.

Links of research blogs published by me.

Updated: 1 month ago
0 stars 0 fork 0 watcher
Born at : April 16, 2025, 9:30 a.m. This repo has been linked 21 different CVEs too.

This is my starred repositories including the description for each tool. Makes search/filter over them easier.

Updated: 1 month, 2 weeks ago
51 stars 6 fork 6 watcher
Born at : Feb. 26, 2025, 11:57 a.m. This repo has been linked 91 different CVEs too.

A collection of Vulnerability Research and Reverse Engineering writeups.

Updated: 4 months, 3 weeks ago
1 stars 0 fork 0 watcher
Born at : Dec. 21, 2024, 2:55 p.m. This repo has been linked 49 different CVEs too.

CVE-2024-40711 是 Veeam Backup & Replication 软件中的一个严重漏洞,允许未经身份验证的攻击者远程执行代码。

Updated: 7 months, 3 weeks ago
2 stars 0 fork 0 watcher
Born at : Nov. 23, 2024, 4:02 a.m. This repo has been linked 1 different CVEs too.

CVE-2024-40711-exp

C#

Updated: 3 months, 2 weeks ago
42 stars 6 fork 6 watcher
Born at : Oct. 16, 2024, 5:02 a.m. This repo has been linked 2 different CVEs too.

Pre-Auth Exploit for CVE-2024-40711

C#

Updated: 1 month, 2 weeks ago
51 stars 14 fork 14 watcher
Born at : Sept. 15, 2024, 5:25 p.m. This repo has been linked 1 different CVEs too.

Ostorlab KEV: One-command to detect most remotely known exploitable vulnerabilities. Sourced from CISA KEV, Google's Tsunami, Ostorlab's Asteroid and Bug Bounty programs.

cisa-kev vulnerability 0day cisa exploits

Updated: 3 weeks, 5 days ago
581 stars 42 fork 42 watcher
Born at : April 19, 2022, 8:58 a.m. This repo has been linked 1287 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2024-40711 vulnerability anywhere in the article.

  • Daily CyberSecurity
Fog Ransomware Group Exposed: Inside the Tools, Tactics, and Victims of a Stealthy Threat

Image: DFIR Report’s Threat Intel Group In a new investigation, The DFIR Report’s Threat Intel Group has shed light on the growing operations of the Fog ransomware group, revealing a sophisticated ars ... Read more

Published Date: Apr 29, 2025 (4 months ago)
  • Cyber Security News
Hackers Attacking Network Edge Devices to Compromise SMB Organizations

Small and medium-sized businesses (SMBs) are increasingly falling victim to cyberattacks that specifically target network edge devices, according to recent findings. These critical devices—including f ... Read more

Published Date: Apr 22, 2025 (4 months, 1 week ago)
  • Daily CyberSecurity
FOG Ransomware Campaign Targets Multiple Sectors with Phishing and Payload Obfuscation

The initial ransom note dropped that uses DOGE-related references to troll | Image: Trend Micro Trend Micro has identified a recent campaign involving FOG ransomware, demonstrating the adaptability of ... Read more

Published Date: Apr 22, 2025 (4 months, 1 week ago)
  • Daily CyberSecurity
High-Severity XXE Vulnerability Found in NAKIVO Backup & Replication

A high-severity security vulnerability has been identified in NAKIVO Backup & Replication, a popular data protection solution. The vulnerability, classified as an XML External Entity (XXE) issue and t ... Read more

Published Date: Apr 10, 2025 (4 months, 3 weeks ago)
  • Cybersecurity News
Veeam Releases Patch for High-Risk SSRF Vulnerability CVE-2025-23082 in Azure Backup Solution

Veeam, a prominent player in data management and backup solutions, has recently disclosed a critical vulnerability in its Veeam Backup for Microsoft Azure product. Identified as CVE-2025-23082, this S ... Read more

Published Date: Jan 16, 2025 (7 months, 2 weeks ago)
  • Cybersecurity News
Thousands of SonicWall Devices Remain Vulnerable to CVE-2024-40766

In September 2024, a critical vulnerability in SonicWall NSA devices, tracked as CVE-2024-40766, was disclosed. Since then, threat actors Akira and Fog have reportedly exploited this flaw to infiltrat ... Read more

Published Date: Jan 07, 2025 (7 months, 3 weeks ago)
  • Cybersecurity News
Veeam Backup & Replication Vulnerabilities Exposed: High-Severity Flaws Put Data at Risk

Veeam Software, a prominent provider of backup, recovery, and data management solutions, has released a security update to address multiple vulnerabilities in its Veeam Backup & Replication software. ... Read more

Published Date: Dec 05, 2024 (8 months, 4 weeks ago)
  • Cybersecurity News
CVE-2024-42448 (CVSS 9.9): Critical RCE Vulnerability in Veeam VSPC

Veeam Software, a prominent provider of backup and disaster recovery solutions, has released urgent security updates to address two critical vulnerabilities in its Service Provider Console (VSPC). One ... Read more

Published Date: Dec 04, 2024 (8 months, 4 weeks ago)
  • BleepingComputer
Veeam warns of critical RCE bug in Service Provider Console

​Veeam released security updates today to address two Service Provider Console (VSPC) vulnerabilities, including a critical remote code execution (RCE) discovered during internal testing. VSPC, descri ... Read more

Published Date: Dec 03, 2024 (9 months ago)
  • europa.eu
Cyber Brief 24-12 - November 2024

Cyber Brief (November 2024)December 3, 2024 - Version: 1.0TLP:CLEARExecutive summaryWe analysed 232 open source reports for this Cyber Brief1.Relating to cyber policy and law enforcement, Germany anno ... Read more

Published Date: Dec 03, 2024 (9 months ago)
  • Cybersecurity News
Researchers Uncover XenoRAT’s New Tactics Leveraging Excel XLL Files and Advanced Obfuscation

Hunt researchers have discovered a novel deployment of XenoRAT, an open-source remote access tool (RAT), leveraging Excel XLL files and advanced obfuscation methods. Known for targeting gamers and pos ... Read more

Published Date: Nov 21, 2024 (9 months, 1 week ago)
  • The Hacker News
Warning: VMware vCenter and Kemp LoadMaster Flaws Under Active Exploitation

Vulnerability / Data Security Now-patched security flaws impacting Progress Kemp LoadMaster and VMware vCenter Server have come under active exploitation in the wild, it has emerged. The U.S. Cybersec ... Read more

Published Date: Nov 19, 2024 (9 months, 2 weeks ago)
  • Cybersecurity News
Ghostscript Update Patches Six Critical Vulnerabilities: Code Execution, Buffer Overflow, and Path Traversal Risks

Popular document rendering engine Ghostscript has released a critical security update addressing multiple vulnerabilities, some of which could lead to remote code execution.Ghostscript, a widely used ... Read more

Published Date: Nov 12, 2024 (9 months, 3 weeks ago)
  • TheCyberThrone
Frag Ransomware Dissection

A new ransomware strain named Frag ransomware has been discovered during the series of cyberattacks involving exploiting a vulnerability in Veeam backup servers,  tracked as CVE-2024-40711This newly o ... Read more

Published Date: Nov 11, 2024 (9 months, 3 weeks ago)
  • Cybersecurity News
Unpatched Epson Devices at Risk: CVE-2024-47295 Allows Easy Hijacking

A newly discovered security vulnerability, CVE-2024-47295, affecting multiple SEIKO EPSON products, could allow attackers to take control of devices with administrative privileges. This issue arises f ... Read more

Published Date: Nov 11, 2024 (9 months, 3 weeks ago)
  • Cybersecurity News
Frag Ransomware: A New Threat Exploits Veeam Vulnerability (CVE-2024-40711)

The Frag ransom note | Image: SophosSophos X-Ops recently uncovered Frag ransomware in a series of cyberattacks exploiting a vulnerability in Veeam backup servers, designated CVE-2024-40711. This newl ... Read more

Published Date: Nov 11, 2024 (9 months, 3 weeks ago)
  • BleepingComputer
Critical Veeam RCE bug now used in Frag ransomware attacks

After being used in Akira and Fog ransomware attacks, a critical Veeam Backup & Replication (VBR) security flaw was also recently exploited to deploy Frag ransomware. Code White security researcher Fl ... Read more

Published Date: Nov 08, 2024 (9 months, 3 weeks ago)
  • Cybersecurity News
Fortinet Warns of Actively Exploited Flaw in FortiManager: CVE-2024-47575 (CVSS 9.8)

Fortinet has issued a security advisory for its FortiManager platform, addressing a critical vulnerability—CVE-2024-47575—which has been actively exploited in the wild. This vulnerability, rated at CV ... Read more

Published Date: Oct 23, 2024 (10 months, 1 week ago)
  • The Hacker News
Ransomware Gangs Use LockBit's Fame to Intimidate Victims in Latest Attacks

Threat actors have been observed abusing Amazon S3 (Simple Storage Service) Transfer Acceleration feature as part of ransomware attacks designed to exfiltrate victim data and upload them to S3 buckets ... Read more

Published Date: Oct 23, 2024 (10 months, 1 week ago)
  • Cybersecurity News
Akira Ransomware Exploit CVE-2024-40766 in SonicWall SonicOS

The attack chain | Image: S-RMThe notorious Akira ransomware group continues to adapt and refine its methods, solidifying its position as one of the most significant threats in the cyber landscape. Ac ... Read more

Published Date: Oct 22, 2024 (10 months, 1 week ago)

The following table lists the changes that have been made to the CVE-2024-40711 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Modified Analysis by [email protected]

    Dec. 20, 2024

    Action Type Old Value New Value
    Changed Reference Type https://labs.watchtowr.com/veeam-backup-response-rce-with-auth-but-mostly-without-auth-cve-2024-40711-2/ No Types Assigned https://labs.watchtowr.com/veeam-backup-response-rce-with-auth-but-mostly-without-auth-cve-2024-40711-2/ Exploit, Third Party Advisory
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference https://labs.watchtowr.com/veeam-backup-response-rce-with-auth-but-mostly-without-auth-cve-2024-40711-2/
  • Initial Analysis by [email protected]

    Oct. 18, 2024

    Action Type Old Value New Value
    Added CVSS V3.1 NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type https://www.veeam.com/kb4649 No Types Assigned https://www.veeam.com/kb4649 Vendor Advisory
    Added CWE NIST CWE-502
    Added CPE Configuration OR *cpe:2.3:a:veeam:veeam_backup_\&_replication:*:*:*:*:*:*:*:* versions from (including) 12.0.0.1420 up to (excluding) 12.2.0.334
  • CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725

    Oct. 18, 2024

    Action Type Old Value New Value
    Added Due Date 2024-11-07
    Added Vulnerability Name Veeam Backup and Replication Deserialization Vulnerability
    Added Required Action Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
    Added Date Added 2024-10-17
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Sep. 09, 2024

    Action Type Old Value New Value
    Added CWE CISA-ADP CWE-502
  • CVE Received by [email protected]

    Sep. 07, 2024

    Action Type Old Value New Value
    Added Description A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE).
    Added Reference HackerOne https://www.veeam.com/kb4649 [No types assigned]
    Added CVSS V3 HackerOne AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Vulnerability Scoring Details
Base CVSS Score: 9.8
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact
Base CVSS Score: 9.8
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact