CVE-2024-40717: 
Veeam Backup & Replication vulnerability analysis and mitigation

CVE-2024-40717 is a high-severity vulnerability affecting Veeam Backup & Replication software that was disclosed on December 3, 2024. The vulnerability allows a low-privileged user with certain roles to perform remote code execution (RCE) by updating existing backup jobs. The vulnerability affects Veeam Backup & Replication version 12.2.0.334 and all earlier version 12 builds (Veeam KB).

The vulnerability has a CVSS v3.1 score of 8.8 (High), with a vector string of CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability allows an authenticated user with assigned roles to execute scripts with elevated privileges by configuring them as pre-job or post-job tasks. These scripts are executed with LocalSystem privileges, regardless of the user's original permission level. The vulnerability was discovered during internal testing (Veeam KB, Security Online).

The exploitation of this vulnerability can lead to complete system compromise as it allows attackers to execute arbitrary code with elevated system privileges. This could potentially result in unauthorized access to sensitive backup data, system configuration changes, and full control over the backup infrastructure (Veeam KB).

The vulnerability has been fixed in Veeam Backup & Replication 12.3 (build 12.3.0.310). As a temporary mitigation measure until the backup server can be upgraded, administrators should remove untrusted and unnecessary users from the Users and Roles settings on the backup server. It is recommended to review all users assigned a Role within Veeam Backup & Replication and assess internal necessity, removing access for users who do not strictly need it (Veeam KB).