Get Started Book a Demo

Dual Critical Advisory: Critical Vulnerabilities in Veeam Backup & Replication and SonicWall SonicOS

11th September 2024 | Advisory, Blog Dual Critical Advisory: Critical Vulnerabilities in Veeam Backup & Replication and SonicWall SonicOS


Veeam Backup & Replication: Critical Patches for Vulnerabilities

Overview: Veeam released patches for 13 high-severity and five critical vulnerabilities, including an unauthenticated remote code execution (RCE) flaw in Veeam Backup & Replication (CVE-2024-40711), which has a CVSS score of 9.8. This vulnerability could allow attackers to fully take over a system, and security firm CODE WHITE, who discovered it, warned that disclosing technical details could lead to its exploitation by ransomware gangs.

Key Vulnerabilities:

  • Unauthenticated RCE: Exploitable without user authentication, allowing attackers to remotely execute code and compromise systems.
  • Other vulnerabilities could result in unauthorized access, data exposure, and system manipulation.

Recommendations:

  • Patch Immediately: Apply the latest Veeam updates to all affected systems.
  • Strengthen Monitoring: Implement enhanced monitoring for abnormal activity post-patch.
  • Backup Regularly: Ensure offsite and offline backups are available for quick restoration.

SonicWall SonicOS: Active Exploitation of CVE-2024-40766

Overview: A critical vulnerability has been discovered in SonicWall’s SonicOS Management Access and SSLVPN (CVE-2024-40766), potentially leading to unauthorized resource access. In some cases, this vulnerability can cause firewalls to crash. SonicWall has confirmed active exploitation in the wild, making this vulnerability particularly urgent.

Systems Affected:

  • SOHO (Gen 5) 5.9.2.14-12o and older versions
  • Gen6 Firewalls 6.5.4.14-109n and older versions
  • Gen7 Firewalls SonicOS build version 7.0.1-5035 and older versions

Threat Intelligence: SonicWall reports that CVE-2024-40766 is actively exploited, making the need for immediate action critical.

Risk:

  • Large and medium businesses: High
  • Small businesses: Medium
  • Home users: Low

Recommendations:

  • Apply Patches Immediately: Update SonicOS Management Access and SSLVPN systems with the latest security patches provided by SonicWall.
  • Implement Network Segmentation: Use logical network segmentation to isolate critical systems and reduce exposure.
  • Monitor and Respond: Ensure monitoring systems are in place to detect unauthorized access attempts, and develop a response plan for potential intrusions.
Sources
SC Media: Veeam patches 5 critical vulnerabilities, including unauthenticated RCE flawSonic Wall: Security Advisory

Secure your business with CyberHoot Today!!!


Sign Up Now

Latest Blogs

Stay sharp with the latest security insights

Discover and share the latest cybersecurity trends, tips and best practices – alongside new threats to watch out for.

Your Employees Connected 47 Apps to Google Last Year. Can You Name One of Them?
12th May 2026 | Blog

Your Employees Connected 47 Apps to Google Last Year. Can You Name One of Them?

OAuth tokens don't expire when employees leave, passwords change, or apps go rogue. Your security program needs...

Read more
Attackers Don’t Need a Key. They Already Have Yours.
5th May 2026 | Blog

Attackers Don’t Need a Key. They Already Have Yours.

Most breaches don't start with a hacker in a hoodie cracking code at 3am. They start with your username and a...

Read more
Claude Mythos Opened Pandora’s Box. Project Glasswing Is Racing to Close It.
10th April 2026 | Blog

Claude Mythos Opened Pandora’s Box. Project Glasswing Is Racing to Close It.

Article Updates: As of May 6th 2026, every major U.S. AI lab, including Google DeepMind, Microsoft, xAI,...

Read more
Get Started All Posts