KEVIntel
Back to KEVs
9.8
CVSS
Critical

CVE-2024-40711

PUBLISHED

A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE).

Exploited in the wild Used in malware PoC available Remote Low complexity No user interaction
Vendor
Veeam
Product
Backup and Recovery
Published
Sep 07, 2024
EPSS

Description

A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE).

cisa malware ransomware nuclei_scanner nessus_scanner

CVSS scores

CVSS v3.0 9.8 Critical

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitation status

Exploited in the wild

Recorded 2024-10-17 00:00:00 UTC · Source

Used in malware

Recorded 2024-10-17 00:00:00 UTC · Source

Proof of concept available

Recorded 2024-10-16 05:02:27 UTC · Source

SSVC decision points

Exploitation
active
Automatable
Yes
Technical impact
total

References

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source Added
CISA Oct 17, 2024

Scanner integrations

Scanner Reference Detected
Nuclei https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-40711.yaml Jun 01, 2026
Nessus https://www.tenable.com/plugins/nessus/206718 Jun 02, 2025

Potential proof of concepts

These PoCs are unverified and could contain malware. Use at your own risk.

realstatus/CVE-2024-40711-Exp

github · Created 2024-10-16 05:02:27 UTC · 41 stars

CVE-2024-40711-exp

watchtowrlabs/CVE-2024-40711

github · Created 2024-09-15 17:25:32 UTC · 48 stars

Pre-Auth Exploit for CVE-2024-40711

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Proof of Concept Exploit Available

  • Exploit Used in Malware

  • Added to KEVIntel

  • Detected by Nessus

  • Detected by Nuclei