CVE-2024-40711
In short
A vulnerability allows attackers to send specially crafted data that the application processes unsafely, leading to arbitrary code execution on the server without any credentials. This is critical because an attacker can take complete control of the affected system.
Technical detail
A CWE-502 (deserialization of untrusted data) vulnerability enables unauthenticated remote attackers to execute arbitrary code by supplying malicious serialized objects. Exploitation requires no authentication and allows complete system compromise; the exploitation vectors depend on the application's deserialization entry points and the gadget chains available on the target.
Summary generated and translated by AI from the official description.
A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE).
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Veeam · Backup and Recovery
Public PoCs found: 2
- github.com/watchtowrlabs/CVE-2024-40711 (★ 54)
- github.com/realstatus/CVE-2024-40711-Exp (★ 43)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.