cvedb.io
CVE-2024-40717
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2024-12-04T02:15:04.410 · Last modified 2026-06-17T07:46:23.947

Summary

A vulnerability in Veeam Backup & Replication allows a low-privileged user with certain roles to perform remote code execution (RCE) by updating existing jobs. These jobs can be configured to run pre- and post-scripts, which can be located on a network share and are executed with elevated privileges by default. The user can update a job and schedule it to run almost immediately, allowing arbitrary code execution on the server.

Affected products

veeam — veeam_backup_\&_replication

Does this affect you?

Add your gear to cvedb and we'll alert you only when veeam ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.