CVERadar

CVE-2024-40711

Critical Severity
SVRS: 94/100
CVSSv3: 9.8/10
EPSS: 0.56193/1

CVE-2024-40711 is a critical security flaw involving deserialization of untrusted data leading to remote code execution. With a SOCRadar Vulnerability Risk Score (SVRS) of 94, this vulnerability requires immediate attention and remediation.

CVE-2024-40711 highlights a serious risk: An attacker can send malicious data to a vulnerable system, which then executes arbitrary code without authentication. The high SVRS indicates that threat actors are actively exploiting this flaw. This is supported by the fact that exploits are available and there are reports of it being used in the wild as part of ransomware campaigns. Successful exploitation allows an attacker to gain complete control of the affected system. Given its presence in the CISA KEV catalog, organizations must prioritize patching to prevent potential breaches and data loss.

In The Wild
Exploit Available
CISA KEV
Known Ransomware Campaign Use
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2024-09-07

2024-12-20
SOCRadar AI Insight

Description

CVE-2024-40711 is a deserialization of untrusted data vulnerability that can lead to remote code execution (RCE) by an unauthenticated attacker. The CVSS score of 9.8 indicates the high severity of this vulnerability, while the SVRS of 40 suggests a moderate level of risk. However, the "In The Wild" tag indicates that this vulnerability is actively being exploited by hackers, making it a critical threat that requires immediate attention.

Key Insights

  • Unauthenticated RCE: This vulnerability allows attackers to execute arbitrary code on vulnerable systems without requiring any authentication.
  • Deserialization of Untrusted Data: The vulnerability stems from the deserialization of untrusted data, which can occur when an application receives and processes data from an external source without properly validating it.
  • High Impact: Successful exploitation of this vulnerability can lead to complete system compromise, data theft, and other malicious activities.

Mitigation Strategies

  • Apply Software Updates: Install the latest security updates from the vendor as soon as possible.
  • Restrict Deserialization: Implement strict controls on the deserialization of data from untrusted sources.
  • Use Secure Coding Practices: Follow secure coding practices to prevent the introduction of vulnerabilities in software applications.
  • Monitor for Suspicious Activity: Regularly monitor systems for suspicious activity and investigate any anomalies promptly.


Indicators of Compromise


Exploits

Title | Software Link | Date
watchtowrlabs/CVE-2024-40711 | https://github.com/watchtowrlabs/CVE-2024-40711 | 2024-09-15
Veeam Backup and Replication Deserialization Vulnerability | https://www.cisa.gov/search?g=CVE-2024-40711 | 2024-10-17
XiaomingX/cve-2024-40711-poc | https://github.com/XiaomingX/cve-2024-40711-poc | 2024-11-23

News

A closer look at Fog ransomware
Christine Barry, 2025-04-30
Fog ransomware is a sophisticated threat actor known for rapid encryption and lack of centralized organization. This post explores the origins, operations, attacks, and the known unknowns of Fog. Fog ransomware emerged in April 2024 as a sophisticated cyberthreat that combined rapid encryption with double extortion tactics. Fog threat actors initially targeted educational institutions through compromised VPN accounts. They soon expanded their scope to government agencies and business sectors. As of February 2025, the top five sectors victimized by
barracuda.com

Cybercriminals Exploit Network Edge Devices to Infiltrate SMBs - GBHackers News
2025-04-22
Small and midsized businesses (SMBs) continue to be prime targets for cybercriminals, with network edge devices playing a critical role in initial attacks, according to the latest annual threat report by Sophos. The report highlights the persistent threat of ransomware, which despite a slight year-over-year decline in frequency, has seen an increase in the cost of attacks. Escalating Vulnerabilities in Network Edge Devices: The report underscores that compromised network edge devices, including firewalls, VPNs, and other access devices, have been responsible for a quarter of initial
google.com

Security vulnerabilities in Veeam Backup & Replication - updates available
CERT.at, 2025-04-01
The software vendor Veeam has released updates for several of its products. Among the security vulnerabilities fixed in this release is CVE-2024-40711, a severe vulnerability in Veeam Backup & Replication. Exploiting this flaw allows attackers to achieve unauthenticated remote code execution. Fehler
cert.at

Veeam addressed critical Service Provider Console (VSPC) bug
Pierluigi Paganini, 2024-12-04
Veeam addressed a critical vulnerability in Service Provider Console (VSPC) that could allow remote attackers to execute arbitrary code. Veeam released security updates for a critical vulnerability, tracked as CVE-2024-42448 (CVSS score of 9.9) impacting Service Provider Console. Successful exploitation of the flaw can potentially lead to remote code execution on vulnerable installs. Veeam Service […]
cve-2024-42448, cve-2024-40711, cve-2024-42449

Ransomware targets already-patched Veeam CVE
Editorial staff, 2024-12-02
In October, Sophos X-Ops reported incidents in which hackers exploited a vulnerability in Veeam backup servers, highlighting a new type of ransomware. The vulnerability in question, identified as CVE-2024-40711, was exploited in a series of attacks attributed to a threat cluster called STAC 5881. The attackers used compromised VPN devices to […] Source
cisoadvisor.com.br

Data Breaches Digest - Week 41 2024
Dunkie ([email protected]), 2024-12-02
Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 7th October and 13th October 2024. 13th October
dbdigest.com

Data Breaches Digest - Week 42 2024
Dunkie ([email protected]), 2024-12-02
Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 14th October and 20th October 2024. 20th October
dbdigest.com

Social Media

CVE-2024-40711: Logs analysis @own_fr CERT analysis: exploitation of CVE-2024-40711 (CVSS v3.1 Score: 9.8), published in September by the @watchtowrcyber teams and targeting the #Veeam Backup & Replication 👇 https://t.co/qwkrbKCtFu

It seems that our Veeam CVE-2025-23120 post is live. I would never do this research without @SinSinology. He insisted a lot, thx man. 😅 If you know CVE-2024-40711, this vuln can be patch-diffed and exploit armed in 5 minutes. Unfortunately, it's super simple at this point.

Hey, did you know Veeam's CVE-2024-40711 lets attackers take COMPLETE control?! Patch now or risk it all! Immutable backups are a MUST too! https://t.co/Xn8we9pyCj

Hackers Exploiting Veeam RCE Vulnerability to Deploy Ransomware A critical vulnerability in Veeam Backup & Replication software, identified as CVE-2024-40711, is being exploited by hackers to deploy ransomware. The vulnerability, which allows for unaut... https://t.co/koIEHIjARy

#DOYOUKNOWCVE Frag Ransomware Targets Veeam Vulnerability! CVE-2024-40711: Is a critical Remote Code Execution vulnerability in Veeam Backup & Replication software. This flaw stems from the insecure deserialization of untrusted data, which allows unauthenticated attackers to https://t.co/xEjXm4FmLL

Frag Ransomware: A New Threat Exploits Veeam Vulnerability (CVE-2024-40711) https://t.co/hPAJC49TGJ Sophos X-Ops recently uncovered Frag ransomware in a series of cyberattacks exploiting a vulnerability in Veeam backup servers, designated CVE-2024-40711. This newly observed ra…

Veeam Backup & Replication exploit reused in new Frag ransomware attack https://t.co/s92wQeM6El A critical flaw, tracked as CVE-2024-40711, in Veeam Backup & Replication (VBR) was also recently exploited to deploy Frag ransomware. In mid-October, Sophos researchers warned th…

🚨 Veeam vuln exploited in ransomware! CVE-2024-40711 allows remote code execution. Patch now! Discuss how you're securing backups. #CyberSecurity #Veeam #Ransomware https://t.co/isQZwLXucE

LLM extracted the main idea for this #threatreport: The main idea of the text is that CVE-2024-40711, a critical vulnerability found in Veeam Backup & Replication, is being actively exploited by threat actors for ransomware attacks, highlighting the urgent need for

Yesterday @CISAgov confirmed that CVE-2024-40711, a critical RCE vulnerability in @Veeam Backup & Replication servers, has been exploited. See other threats affecting #Veeam products right now in our daily-updating top list: https://t.co/GFDfoD5LQY #CyberSecurity #CVE202440711 https://t.co/utnuFkLkRb

Affected Software

No affected software found for this CVE

References

Reference | Link
[email protected] | https://www.veeam.com/kb4649
134C704F-9B21-4F2E-91B3-4A467353BCC0 | https://labs.watchtowr.com/veeam-backup-response-rce-with-auth-but-mostly-without-auth-cve-2024-40711-2/

CWE Details

CWE ID | CWE Name | Description
CWE-502 | Deserialization of Untrusted Data | The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
