Veeam Backup - 需要身份验证的 RCE,但大多数情况下无需身份验证 (CVE-2024-40711)
Tags
| attack-pattern: | Model Dns - T1071.004 Dns - T1590.002 Impersonation - T1656 |
Common Information
| Type | Value |
|---|---|
| UUID | 1456b4b0-600c-48d7-9777-3fc4cfee39c2 |
| Fingerprint | 6937348fb1814da |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | June 20, 2024, midnight |
| Added to db | Sept. 13, 2024, 11:45 a.m. |
| Last updated | Nov. 16, 2024, 8:03 p.m. |
| Headline | Veeam Backup - 需要身份验证的 RCE,但大多数情况下无需身份验证 (CVE-2024-40711) |
| Title | Veeam Backup - 需要身份验证的 RCE,但大多数情况下无需身份验证 (CVE-2024-40711) |
| Detected Hints/Tags/Attributes | 27/1/44 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://cn-sec.com/archives/3153642.html |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 483 | ✔ | CN-SEC 中文网 | https://cn-sec.com/feed/ | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 95 | cve-2024-40711 |
|
| Details | Domain | 1 | veeam.backup.common.sources.system.io |
|
| Details | Domain | 228 | system.io |
|
| Details | Domain | 149 | system.security |
|
| Details | Domain | 13 | this.id |
|
| Details | Domain | 1 | routersinkprovider.next |
|
| Details | Domain | 339 | system.net |
|
| Details | Domain | 3 | identity.name |
|
| Details | Domain | 1 | windowsidentity.name |
|
| Details | File | 1 | 中嵌入的资源文件发生了更改veeam.backup |
|
| Details | File | 9 | common.dll |
|
| Details | File | 4 | remoting.obj |
|
| Details | File | 4 | remoting.dll |
|
| Details | File | 1 | 这个自定义绑定器是在另一个完全独立的库中实现的veeam.backup |
|
| Details | File | 1 | 名为veeam.backup |
|
| Details | File | 1 | 然后调用fillfromembeddedresource从文件中加载类名的方法whitelist.txt |
|
| Details | File | 1 | 中还有一些其他方法可以解析.txt |
|
| Details | File | 20 | veeam.backup |
|
| Details | File | 5 | whitelist.txt |
|
| Details | File | 1 | sources.sys |
|
| Details | File | 6 | io.bin |
|
| Details | File | 1 | 加载文件以使用明确不允许的类型blacklist.txt |
|
| Details | File | 7 | blacklist.txt |
|
| Details | File | 1 | 加载whitelist.txt |
|
| Details | File | 1 | 加载blacklist.txt |
|
| Details | File | 1 | 该restrictedserializationbinder类型是在veeam.backup |
|
| Details | File | 1 | restrictedserializationbinder.cs |
|
| Details | File | 1 | cbinaryserverformattersink.cs |
|
| Details | File | 1 | ccorechannel.cs |
|
| Details | File | 1 | cimpersonationserversink.cs |
|
| Details | File | 1 | cproxybinaryformatter.cs |
|
| Details | File | 7 | formatters.bin |
|
| Details | File | 1 | cproxybinaryformatter.bin |
|
| Details | File | 19 | system.xml |
|
| Details | File | 3 | configuration.dat |
|
| Details | File | 1 | basic.dat |
|
| Details | File | 1 | this.backup |
|
| Details | File | 6 | this.key |
|
| Details | File | 1 | callcontext.log |
|
| Details | File | 1 | _accesschecker.vb |
|
| Details | IPv4 | 34 | 12.1.2.172 |
|
| Details | IPv4 | 28 | 4.0.0.0 |
|
| Details | IPv4 | 1 | 12.1.1.56 |
|
| Details | IPv4 | 38 | 10.10.10.10 |