Active Exploitation of Critical Vulnerabilities in Fortinet and Veeam Backup & Replication

Cybercriminals are taking advantage of a critical vulnerability with a CVSS severity score of 9.8 identified in Veeam Backup & Replication software. The software is designed for data backup and recovery across virtual, physical, and cloud environments. The vulnerability, labeled CVE-2024-40711, involves the unsafe deserialization of data and could lead to remote code execution.

Reports from Sophos reveal that ransomware groups have been using breached VPN credentials to break into VPN gateways lacking multifactor authentication. Once inside, they exploit the CVE-2024-40711 vulnerability to set up new local administrator accounts, facilitating the deployment of Akira and Fog ransomware. Although not all attacks resulted in successful ransomware deployment, one attack led to the installation of Fog ransomware on an unsecured Hyper-V server, followed by data exfiltration using the rclone tool.

The vulnerability impacts Veeam Backup & Replication version 12.1.2.172, with unsupported versions possibly at risk as well. Veeam addressed the vulnerability in a September 2024 patch and told users to upgrade to version 12.2 without delay.

Meanwhile, threat actors are also targeting a critical vulnerability in four Fortinet products – FortiProxy, FortiOS, FortiSwitchManager, and FortiPAM. Identified as CVE-2024-23113, this format string vulnerability, with a CVSS score of 9.8, allows unauthenticated attackers to remotely execute arbitrary commands or code on unpatched systems.

Vulnerable Versions:

  • FortiProxy: Versions 7.4.0 to 7.4.2, 7.2.0 to 7.2.8, and 7.0.0 to 7.0.15
  • Fortinet FortiOS: Versions 7.4.0 to 7.4.2, 7.2.0 to 7.2.6, and 7.0.0 to 7.0.13
  • FortiSwitchManager: Versions 7.2.0 to 7.2.3 and 7.0.0 to 7.0.3
  • FortiPAM: Versions 1.2, 1.1, and 1.0

Researchers from Shadowserver have identified over 87,000 Fortinet IP addresses that may be vulnerable, including 14,000 located in the U.S. Administrators are urged to upgrade to patched versions immediately to prevent exploitation. For those unable to update right away, Fortinet has offered temporary workarounds.

The Veeam and Fortinet vulnerabilities present security risks, so prompt patching is necessary to mitigate potential breaches and HIPAA violations.

About Christine Garcia
Christine Garcia is the staff writer at Calculated HIPAA. Christine has several years' experience in writing about healthcare sector issues, with a focus on compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA