
The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Threat Actors Actively Exploiting Critical Fortinet; Veeam Backup & Replication Vulnerabilities

Ransomware actors have been observed exploiting a critical vulnerability in Veeam Backup & Replication, a data protection and recovery solution for virtual, physical, network-attached storage, and cloud-native environments. The deserialization of untrusted data vulnerability – CVE-2024-40711 – can lead to remote code execution and has a CVSS severity score of 9.8.

According to Sophos, ransomware groups have been observed using compromised VPN credentials to access VPN gateways without multifactor authentication enabled, and then exploiting CVE-2024-40711 to create new local administrator accounts to deploy Akira and Fog ransomware. Sophos has tracked several attacks in the past month that exploited the vulnerability. While ransomware deployment was not always successful, in one of the attacks the threat actor successfully dropped Fog ransomware on an unprotected Hyper-V server and used rclone to exfiltrate data.

The vulnerability affects Veeam Backup & Replication version 12.1.2.172, and potentially also unsupported versions. Veeam released a patch to fix the vulnerability in September 2024 and urges all customers to update to version 12.2 immediately.

Fortinet Vulnerability Actively Exploited

Threat actors have been observed exploiting a critical vulnerability – CVE-2024-23113 – that affects four Fortinet products – FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager. Successful exploitation of the format string vulnerability (CVSS 9.8) can allow a remote, unauthenticated threat actor to execute arbitrary code or commands on an unpatched system.


| Product | Vulnerable versions |
| --- | --- |
| Fortinet FortiOS | 7.4.0 to 7.4.2; 7.2.0 to 7.2.6; 7.0.0 to 7.0.13 |
| FortiProxy | 7.4.0 to 7.4.2; 7.2.0 to 7.2.8; 7.0.0 to 7.0.15 |
| FortiPAM | 1.2, 1.1 and 1.0 |
| FortiSwitchManager | 7.2.0 to 7.2.3 & 7.0.0 to 7.0.3 |

Shadowserver researchers suggest more than 87,000 Fortinet IPs are likely vulnerable worldwide, including around 14,000 in the United States. Administrators should ensure they upgrade to the patched version of the affected product as soon as possible. Fortinet has provided workarounds for any user that is unable to immediately update to the patched version.
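To find which devices need the upgrade first, an asset inventory can be checked against the version ranges in the table above. The following is an added example, not code from the article or from Fortinet; the host names and inventory rows are constructed, and FortiPAM's branch-level listing is assumed to cover every build in branches 1.0 to 1.2.

```python
import re

# Inclusive ranges copied from the article's table. FortiPAM is listed by
# branch, so it is stored as a two-component range (assumption: all builds
# in 1.0-1.2). FortiSwitchManager's lower branch is taken to end at 7.0.3.
VULNERABLE = {
    "FortiOS": [("7.4.0", "7.4.2"), ("7.2.0", "7.2.6"), ("7.0.0", "7.0.13")],
    "FortiProxy": [("7.4.0", "7.4.2"), ("7.2.0", "7.2.8"), ("7.0.0", "7.0.15")],
    "FortiPAM": [("1.0", "1.2")],
    "FortiSwitchManager": [("7.2.0", "7.2.3"), ("7.0.0", "7.0.3")],
}

def parse(version):
    """'v7.0.13 build0601' -> (7, 0, 13), so comparison is numeric."""
    m = re.match(r"v?(\d+(?:\.\d+)+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(p) for p in m.group(1).split("."))

def is_vulnerable(product, version):
    """True if in a listed range, False if not, None if product not in table."""
    ranges = VULNERABLE.get(product)
    if ranges is None:
        return None
    v = parse(version)
    for low, high in ranges:
        lo, hi = parse(low), parse(high)
        # Compare only as many components as the range specifies, so the
        # branch-level FortiPAM range also matches a build such as 1.1.3.
        if lo <= v[:len(lo)] <= hi:
            return True
    return False

def triage(inventory):
    """Map each host to 'VULNERABLE', 'not listed' or 'unknown product'."""
    labels = {True: "VULNERABLE", False: "not listed", None: "unknown product"}
    return {h: labels[is_vulnerable(p, ver)] for h, p, ver in inventory}

# Constructed inventory rows: (host, product, reported version string).
SAMPLE = [
    ("fw-edge-01", "FortiOS", "7.0.9"),   # a string compare puts this above 7.0.13
    ("fw-edge-02", "FortiOS", "7.4.3"),
    ("proxy-01", "FortiProxy", "v7.2.8"),
    ("pam-01", "FortiPAM", "1.1.3"),
    ("swmgr-01", "FortiSwitchManager", "7.2.4"),
    ("mail-01", "FortiMail", "7.4.0"),
]

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE).items():
        print(f"{host:12} {verdict}")
```

"Not listed" only means the version is outside the ranges in this article's table; it does not confirm that the device is on a fixed release.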

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
