Vulnerabilities > CVE-2024-40712 - Unspecified vulnerability in Veeam Backup & Replication

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

veeam

NVD

Published: 2024-09-07

Updated: 2025-05-01

Summary

A path traversal vulnerability allows an attacker with a low-privileged account and local access to the system to perform local privilege escalation (LPE).

Vulnerable Configurations

Part	Description	Count
Application	Veeam Veeam Veeam Backup & Replication 5.0.2.230 Veeam Veeam Backup & Replication 8.0.0.2030 Veeam Veeam Backup & Replication 9.5.0.1536 Veeam Veeam Backup & Replication 9.5.4.2615 Veeam Veeam Backup & Replication 10.0 Veeam Veeam Backup & Replication 10.0.0.4442 Veeam Veeam Backup & Replication 10.0.0.4461 Veeam Veeam Backup & Replication 10.0.1.4848 Veeam Veeam Backup & Replication 10.0.1.4854 Veeam Veeam Backup & Replication 11.0 Veeam Veeam Backup & Replication 11.0.0.825 Veeam Veeam Backup & Replication 11.0.0.837 Veeam Veeam Backup & Replication 11.0.1.1261 Veeam Veeam Backup & Replication 12.0.0.1420 Veeam Veeam Backup & Replication 12.1.0.2131 Veeam Veeam Backup & Replication 12.1.1.56 Veeam Veeam Backup & Replication 12.1.2.172	33

References

https://www.veeam.com/kb4649