Vulnerability Details CVE-2024-40710
A series of related high-severity vulnerabilities, the most notable enabling remote code execution (RCE) as the service account and extraction of sensitive information (saved credentials and passwords). Exploiting these vulnerabilities requires a user who has been assigned a low-privileged role within Veeam Backup & Replication.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.5%
CVSS Severity
CVSS v3 Score 8.8
Products affected by CVE-2024-40710
- cpe:2.3:a:veeam:veeam_backup_&_replication:10.0
- cpe:2.3:a:veeam:veeam_backup_&_replication:10.0.0.4442
- cpe:2.3:a:veeam:veeam_backup_&_replication:10.0.0.4461
- cpe:2.3:a:veeam:veeam_backup_&_replication:10.0.1.4848
- cpe:2.3:a:veeam:veeam_backup_&_replication:10.0.1.4854
- cpe:2.3:a:veeam:veeam_backup_&_replication:11.0
- cpe:2.3:a:veeam:veeam_backup_&_replication:11.0.0.825
- cpe:2.3:a:veeam:veeam_backup_&_replication:11.0.0.837
- cpe:2.3:a:veeam:veeam_backup_&_replication:11.0.1.1261
- cpe:2.3:a:veeam:veeam_backup_&_replication:12.0.0.1420
- cpe:2.3:a:veeam:veeam_backup_&_replication:12.1.0.2131
- cpe:2.3:a:veeam:veeam_backup_&_replication:12.1.1.56
- cpe:2.3:a:veeam:veeam_backup_&_replication:12.1.2.172
- cpe:2.3:a:veeam:veeam_backup_&_replication:5.0.2.230
- cpe:2.3:a:veeam:veeam_backup_&_replication:8.0.0.2030
- cpe:2.3:a:veeam:veeam_backup_&_replication:9.5.0.1536
- cpe:2.3:a:veeam:veeam_backup_&_replication:9.5.4.2615