Security News > 2024 > September > Veeam Releases Security Updates to Fix 18 Flaws, Including 5 Critical Issues
2024-09-05 16:05
Veeam has shipped security updates to address a total of 18 security flaws impacting its software products, including five critical vulnerabilities that could result in remote code execution. The list of shortcomings is below - CVE-2024-40711 (CVSS score: 9.8) - A vulnerability in Veeam Backup & Replication that allows unauthenticated remote code execution. CVE-2024-42024 (CVSS score: 9.1
News URL
https://thehackernews.com/2024/09/veeam-releases-security-updates-to-fix.html
Related news
- Two simple give-me-control security bugs found in Optigo network switches used in critical manufacturing (source)
- Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability (source)
- Windows 10 KB5044273 update released with 9 fixes, security updates (source)
- Microsoft Issues Security Update Fixing 118 Flaws, Two Actively Exploited in the Wild (source)
- CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches (source)
- Akira and Fog ransomware now exploit critical Veeam RCE flaw (source)
- Critical Veeam Vulnerability Exploited to Spread Akira and Fog Ransomware (source)
- VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability (source)
- Critical Veeam RCE bug now used in Frag ransomware attacks (source)
- HPE Issues Critical Security Patches for Aruba Access Point Vulnerabilities (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-07 | CVE-2024-42024 | A vulnerability that allows an attacker in possession of the Veeam ONE Agent service account credentials to perform remote code execution on the machine where the Veeam ONE Agent is installed. | 0.0 |
| 2024-09-07 | CVE-2024-40711 | Deserialization of Untrusted Data vulnerability in Veeam Backup & Replication 12.0.0.1420 A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE). | 9.8 |