Multiple Vulnerabilities in Veeam Products Could Allow for Remote Code Execution

Multiple critical and high-severity vulnerabilities were identified in Veeam products (Backup & Replication, VSPC, and Veeam ONE). Notable issues include an unauthenticated remote code execution (CVE-2024-40711), RCE and credential extraction via a low-privileged role (CVE-2024-40710), RCE with Veeam ONE Agent credentials (CVE-2024-42024), and several additional CVEs enabling remote code execution, privilege escalation, arbitrary file upload/overwrite, MFA bypass, and credential exposure; successful exploitation could allow attackers to execute code, escalate privileges, and access or modify sensitive data.