CVE-2024-40710

A series of related high-severity vulnerabilities, the most notable enabling remote code execution (RCE) as the service account and extraction of sensitive information (savedcredentials and passwords). Exploiting these vulnerabilities requires a user who has been assigned a low-privileged role within Veeam Backup & Replication.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector : AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.veeam.com/kb4649

Configurations

No configuration.

History

09 Sep 2024, 17:35

Type	Values Removed	Values Added
CWE		CWE-522

09 Sep 2024, 13:03

Type	Values Removed	Values Added
Summary		(es) Una serie de vulnerabilidades relacionadas de alta gravedad, la más notable de las cuales permite la ejecución remota de código (RCE) como cuenta de servicio y la extracción de información confidencial (credenciales y contraseñas guardadas). Para explotar estas vulnerabilidades se requiere un usuario al que se le haya asignado un rol con pocos privilegios dentro de Veeam Backup & Replication.

07 Sep 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-07 17:15

Updated : 2024-09-09 17:35

NVD link : CVE-2024-40710

Mitre link : CVE-2024-40710

CVE.ORG link : CVE-2024-40710

JSON object : View

Products Affected

No product.

CWE

CWE-522

Insufficiently Protected Credentials

8.8 /10