The US CISA has added Veeam Backup flaw to its Known Exploited Vulnerabilities Catalog based on the evidence of active exploitation.
CVE-2024-40711
Veeam Backup and Replication contains a deserialization vulnerability allowing an unauthenticated user to perform remote code execution.
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Advertisements
CISA has set November 7, 2024, as a deadline for the federal agencies to remediate the vulnerability
