CVE-2024-40718
📋 TL;DR
This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Veeam Backup & Replication that allows a low-privileged user to escalate privileges locally on the backup server. Because the request is issued by the backup server itself rather than by the user, it can reach internal endpoints the low-privileged account could not call directly, and the attacker uses that to gain higher privileges on the host. Organizations running affected builds are at risk.
💻 Affected Systems
- Veeam Backup & Replication
⚠️ Manual Verification Required
Our database has no version range for this CVE, so automatic detection cannot tell whether your system is affected.
Why? The NVD entry provides no version ranges. The vendor advisory (KB4649) does: Veeam Backup & Replication 12.1.2.172 and all earlier version 12 builds are affected.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise where an attacker gains administrative privileges, accesses sensitive data, and potentially moves laterally through the network.
Likely Case
Local privilege escalation allowing attackers to bypass security controls, access restricted data, and execute unauthorized commands.
If Mitigated
Limited impact with proper network segmentation, least privilege access, and monitoring in place.
🎯 Exploit Status
Exploitation requires an authenticated low-privileged account on the Veeam Backup & Replication server. Treat every such account as able to reach the vulnerability; the vendor advisory does not publish exploit details.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Veeam Backup & Replication 12.2 (build 12.2.0.334) or later
Vendor Advisory: https://www.veeam.com/kb4649
Restart Required: Yes
Instructions:
1. Take a configuration backup of the backup server before upgrading.
2. Upgrade to Veeam Backup & Replication 12.2 (build 12.2.0.334) or later following Veeam's upgrade guide; per KB4649, 12.1.2.172 and all earlier version 12 builds are affected, so no 12.1.x cumulative patch is a substitute for the upgrade.
3. Reboot when the installer asks, then confirm the build in Help > About.
🔧 Temporary Workarounds
Restrict Veeam Console Access
Limit access to the Veeam management console, and local logon on the backup server, to trusted administrators; the vulnerability is only reachable by an authenticated low-privileged user.
Network Segmentation
Isolate Veeam servers from sensitive internal networks and systems to limit what a request forged from the backup server can reach.
🧯 If You Can't Patch
- Implement strict least privilege access controls for Veeam users
- Monitor for unusual SSRF patterns and privilege escalation attempts
🔍 How to Verify
Check if Vulnerable:
In the Veeam Backup & Replication console, open Help > About and read the build number. If it is 12.1.2.172 or any earlier version 12 build, the system is vulnerable (KB4649).
Check Version:
In Veeam console: Help > About displays current version
Verify Fix Applied:
After the upgrade, Help > About must show build 12.2.0.334 or later.
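The version check above is a per-server step; for a fleet it is easier to collect the build number from each console's Help > About and triage the list. The script below is an added example for this page, not Veeam tooling. Its thresholds come from KB4649 (12.1.2.172 and all earlier version 12 builds affected; 12.2.0.334 the first fixed build); the inventory is constructed sample data, and the status names are this example's own. Builds are compared as integer tuples rather than strings, because string comparison misorders builds such as 12.0.0.1420 and 12.0.0.334.

```python
"""Triage a Veeam Backup & Replication inventory against CVE-2024-40718.

Added example, not Veeam's code. Thresholds per KB4649; inventory is
constructed sample data.
"""
from typing import Dict, Iterable, List, Tuple

FIRST_FIXED_BUILD = (12, 2, 0, 334)    # KB4649: first fixed build (12.2)
LAST_AFFECTED_BUILD = (12, 1, 2, 172)  # KB4649: last affected build


def parse_build(version: str) -> Tuple[int, ...]:
    """Turn '12.1.2.172' into (12, 1, 2, 172); reject anything that is not a four-part build."""
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a Veeam build number: {version!r}")
    return tuple(int(p) for p in parts)


def status(version: str) -> str:
    """Classify one build: 'affected', 'fixed' or 'older-major'.

    Anything below 12.2.0.334 with major version 12 is treated as affected,
    which is the conservative reading of KB4649 even for builds above
    12.1.2.172 that the advisory does not list as fixed.
    """
    build = parse_build(version)
    if build[0] < 12:
        return "older-major"  # outside KB4649's scope; upgrade to 12.2+ regardless
    if build >= FIRST_FIXED_BUILD:
        return "fixed"
    return "affected"


def triage(inventory: Iterable[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Group hostnames by status; unparseable version strings get their own bucket."""
    report: Dict[str, List[str]] = {
        "affected": [], "fixed": [], "older-major": [], "unparseable": []
    }
    for host, version in inventory:
        try:
            report[status(version)].append(host)
        except ValueError:
            report["unparseable"].append(host)
    return report


# Constructed inventory (hostname, build as shown in Help > About).
SAMPLE_INVENTORY = [
    ("vbr01", "12.1.2.172"),
    ("vbr02", "12.2.0.334"),
    ("vbr03", "12.0.0.1420"),
    ("vbr04", "11.0.1.1261"),
    ("vbr05", "12.1.2 (build not recorded)"),
]

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket:12} {', '.join(hosts) or '-'}")
```

Hosts in the "affected" bucket need the 12.2 upgrade; "older-major" hosts are not covered by KB4649 at all and should be upgraded to a supported release as well.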
📡 Detection & Monitoring
Log Indicators:
- Unusual internal network requests from Veeam services
- Privilege escalation attempts in Windows event logs
- Authentication from low-privileged accounts performing administrative actions
Network Indicators:
- SSRF patterns in HTTP requests from Veeam servers
- Unexpected internal connections from Veeam infrastructure
SIEM Query (illustrative; field names depend on your log source, and plain substring matches miss encoded loopback targets such as [::1], 0x7f000001 or 2130706433 while firing on public names that merely contain "localhost"):
source="veeam*" AND (url="*localhost*" OR url="*127.0.0.1*" OR url="*internal*" OR (event_type="privilege_escalation" AND user="veeam*"))
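The substring query above is a starting point; the detection logic below, an added example for this page and not Veeam's or the page's own code, runs over constructed log lines and classifies the request target properly, decoding IPv6 loopback, hex and decimal IPv4 literals and the link-local metadata range, and not firing on a public name that happens to contain "localhost". The `user=` / `url=` field layout and the `ADMIN_ACCOUNTS` set are assumptions to adapt to your actual log source.

```python
"""Scan request logs from a Veeam Backup & Replication server for SSRF-style targets.

Added example for this page; not Veeam's code. Log lines are constructed and
the field layout (user=, url=) plus ADMIN_ACCOUNTS are assumptions.
"""
import ipaddress
import re
from typing import Dict, Iterable, List, Optional
from urllib.parse import urlsplit

# Constructed sample lines (not real Veeam output).
SAMPLE_LOGS = [
    "2024-09-10T08:01:02Z host=vbr01 user=backupoperator url=https://vbr01.corp.example/api/v1/jobs",
    "2024-09-10T08:01:09Z host=vbr01 user=backupoperator url=http://127.0.0.1:9419/",
    "2024-09-10T08:01:11Z host=vbr01 user=backupoperator url=http://[::1]:9419/api/",
    "2024-09-10T08:01:15Z host=vbr01 user=backupoperator url=http://0x7f000001/",
    "2024-09-10T08:01:20Z host=vbr01 user=backupoperator url=http://169.254.169.254/latest/meta-data/",
    "2024-09-10T08:02:00Z host=vbr01 user=backupoperator url=https://localhost.attacker.example/",
    "2024-09-10T08:03:30Z host=vbr01 user=svc-veeam url=https://10.20.30.40:6162/",
]

# Assumed: accounts that are expected to reach internal services from the backup server.
ADMIN_ACCOUNTS = {"svc-veeam", "vbradmin"}

URL_RE = re.compile(r"\burl=(\S+)")
USER_RE = re.compile(r"\buser=(\S+)")


def classify_host(host: str) -> Optional[str]:
    """Return why a request target is suspicious for SSRF, or None for a public host.

    Handles 'localhost' names, IPv4/IPv6 literals, and decimal or hex
    encodings of an IPv4 address ('2130706433', '0x7f000001').
    """
    h = host.strip().lower()
    if h == "localhost" or h.endswith(".localhost"):
        return "localhost-name"
    try:
        ip = ipaddress.ip_address(h)
    except ValueError:
        try:
            n = int(h, 0)  # decimal or 0x-prefixed hex form of an IPv4 address
        except ValueError:
            return None    # an ordinary DNS name
        if not 0 <= n < 2**32:
            return None
        ip = ipaddress.IPv4Address(n)
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if ip.is_private:
        return "private"
    return None


def scan(lines: Iterable[str]) -> List[Dict[str, str]]:
    """One finding per request whose target is a non-public host."""
    findings = []
    for line in lines:
        m = URL_RE.search(line)
        if not m:
            continue
        host = urlsplit(m.group(1)).hostname or ""
        category = classify_host(host)
        if category is None:
            continue
        um = USER_RE.search(line)
        user = um.group(1) if um else "unknown"
        # Loopback or link-local targets from a non-admin account are the strongest
        # signal for this CVE; private-range targets are normal backup traffic.
        high = category != "private" and user not in ADMIN_ACCOUNTS
        findings.append({"user": user, "host": host, "category": category,
                         "priority": "high" if high else "review"})
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOGS):
        print(f"{f['priority']:6} {f['category']:14} user={f['user']} host={f['host']}")
```

Run against the constructed lines, the four loopback and link-local targets from `backupoperator` come out as high priority, the repository request from `svc-veeam` as review, and the `localhost.attacker.example` line (which the substring query would match) is not reported.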