NHS England has posted an alert relating to a critical Veeam Backup & Replication vulnerability which is now under active exploitation by ransomware groups.
Successful exploitation of the vulnerability (CVE-2024-40711) could lead to remote code execution (RCE), the alert noted. RCE could allow attackers to run code on a remote device without the need for physical access.
Threat severity has been rated high, with a CVSS score of 9.8.
These groups are reportedly exploiting CVE-2024-40711 as a second-stage exploit to create new local administrator accounts, which facilitate further objectives on compromised networks.
Reports warn of exploitation attempts since shortly after official disclosure by Veeam.
Sophos X-Ops MDR and Incident Response has tracked a series of attacks in the past month that leveraged compromised credentials and CVE-2024-40711 to create an account and deploy ransomware. The firm did not name the targets of these attacks.
In one case, attackers dropped Fog ransomware, and another attack saw the attempted deployment of Akira ransomware, according to Sophos.
Veeam first issued a security bulletin relating to this and four high severity vulnerabilities on September 4, 2024.
The NHS notice highlighted that enterprise backup and disaster recovery applications are valuable targets for cyber threat groups.
Vulnerabilities in backup and disaster recovery applications are often exploited in the wild by ransomware groups shortly after official disclosure.
“NHS England National [Cybersecurity Operations Centre] assess exploitation of CVE-2024-40711 as highly likely to continue,” the advisory later said.
The vulnerability affects Veeam Backup & Replication 12.1.2.172. Veeam noted that unsupported product versions are not tested but are likely affected and should be considered vulnerable.
Affected organizations have been advised to review the Veeam Security Bulletin and update Veeam Backup & Replication to version 12.2 (or above) as a matter of urgency.
Veeam Backup & Replication is a data protection solution that offers backup and recovery for virtual, physical, network-attached storage, and cloud-native environments.