CVE-2024-40711

Sept. 9, 2024, 4:35 p.m.

9.8
Critical

Description

A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE).

Product(s) Impacted

Product Versions
UNKNOWN
  • []

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-502
Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References

https://www.veeam.com/kb4649

Tags

CWE-502
support@hackerone.com
2024-09-07
CVE-2024-40711

CVSS Score

9.8 / 10

CVSS Data - 3.0

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

    • CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

    View Vector String

Timeline

Published: Sept. 7, 2024, 5:15 p.m.
Last Modified: Sept. 9, 2024, 4:35 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

support@hackerone.com

Relations

Here is the list of observables linked to the vulnerability CVE-2024-40711 using threat intelligence.

  • Akira
  • Megazord
  • Akira

Linked Attack Reports

Akira ransomware continues to evolve

Akira ransomware has established itself as a prominent threat, constantly evolving its tactics. Initially employing double-extortion, it shifted focus to data exfiltration in early 2024. The group developed a Rust variant of their ESXi encryptor, moving away from C++. Recently, Akira has returned t…
linux
ransomware
windows
rust
CVE-2024-37085
vulnerability exploitation
akira
CVE-2023-27532
esxi
CVE-2024-40766
CVE-2023-48788
double-extortion
CVE-2024-40711
CVE-2023-20269
2024-10-22
CVE-2020-3259
CVE-2023-20263
chacha8
megazord
Published: October 22, 2024
Linked vulnerabilities : CVE-2024-37085 (CVSS 6.8), CVE-2024-40766 (CVSS 9.8), CVE-2024-40711 (CVSS 9.8), CVE-2023-27532, CVE-2023-20269, CVE-2020-3259, CVE-2023-48788, CVE-2023-20263
Downloadable IOCs: 37

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.