Found 4 bookmarks
Custom sorting
Veeam Backup & Response - RCE With Auth, But Mostly Without Auth (CVE-2024-40711)
Veeam Backup & Response - RCE With Auth, But Mostly Without Auth (CVE-2024-40711)
Every sysadmin is familiar with Veeam’s enterprise-oriented backup solution, ‘Veeam Backup & Replication’. Unfortunately, so is every ransomware operator, given it's somewhat 'privileged position' in the storage world of most enterprise's networks. There's no point deploying cryptolocker malware on a target unless you can also deny access to backups, and so, this class of attackers absolutely loves to break this particular software. With so many eyes focussed on it, then, it is no huge surprise that it has a rich history of CVEs. Today, we're going to look at the latest episode - CVE-2024-40711. Well, that was a complex vulnerability, requiring a lot of code-reading! We’ve successfully shown how multiple bugs can be chained together to gain RCE in a variety of versions of Veeam Backup & Replication.
#watchtowr#EN#2024#Veeam#CVE-2024-40711#analysis#PoC
·labs.watchtowr.com·
Veeam Backup & Response - RCE With Auth, But Mostly Without Auth (CVE-2024-40711)
Veeam warns of critical RCE flaw in Backup & Replication software
Veeam warns of critical RCE flaw in Backup & Replication software
Veeam has released security updates for several of its products as part of a single September 2024 security bulletin that addresses 18 high and critical severity flaws in Veeam Backup & Replication, Service Provider Console, and One.
#bleepingcomputer#EN#2024#RCE#Remote-Code-Execution#Veeam#Veeam-Backup-&-Replication#Veeam-ONE#Vulnerability
·bleepingcomputer.com·
Veeam warns of critical RCE flaw in Backup & Replication software
Patch or Peril: A Veeam vulnerability incident
Patch or Peril: A Veeam vulnerability incident
Delaying security updates and neglecting regular reviews created vulnerabilities that were exploited by attackers, resulting in severe ransomware consequences. Initial access via FortiGate Firewall SSL VPN using a dormant account Deployed persistent backdoor (“svchost.exe”) on the failover server, and conducted lateral movement via RDP. Exploitation attempts of CVE-2023-27532 was followed by activation of xp_cmdshell and rogue user account creation. Threat actors made use of NetScan, AdFind, and various tools provided by NirSoft to conduct network discovery, enumeration, and credential harvesting. * Windows Defender was permanently disabled using DC.exe, followed by ransomware deployment and execution with PsExec.exe.
#group-ib#EN#2024#Veeam#vulnerability#incident#ransomware#FortiGate#NirSoft
·group-ib.com·
Patch or Peril: A Veeam vulnerability incident