• Creation
  • Validation
  • Communication & fix
  • Disclosure

Tricentis / Veeam Backup & Replication Remote code execution
BloodyShell reported 2022-04-11

Description

A vulnerability (CVE-2022-26500) exists in the Veeam Distribution Service. This component allows executing malicious code remotely without authentication. This may lead to gaining control over the target system.

The Veeam Distribution Service, using TCP 9380 with default settings, allows unauthenticated users to access internal API functions. A remote attacker may send input to the internal API which may lead to uploading and executing of malicious code.

Your server has been found vulnerable to Veeam RCE.

This means an attacker can currently access your backup servers, execute code, and download/modify/erase its content.

Reference

https://www.veeam.com/kb4288

IP:
87.98.190.230
Port:
9380
Detected protocol:
veeam-ds 
Found Veeam distribution service, vulnerable to CVE-2022-26500, CVE-2022-26501
===================================================================
Log has been started by 'ITBACKUP-OVH1\Système' user (Non-interactive)
Logging level: [4 (AboveNormal)]
MachineName: [ITBACKUP-OVH1], OS: [Microsoft Windows 10 Professionnel (10.0.16299)], CPU: [4]
Process: [64 bit], PID: [11172], SessionId: [0], UID: [2e7f2555-fb11-404b-a6ff-5bf5359d60d9]
UTC Time: [03/04/2022 23:00:19], DaylightSavingTime: [True]
Culture: [fr-FR], UI culture: [fr-FR]
Module: [C:\Program Files\Veeam\Backup and Replication\Backup\Veeam.Backup.Service.exe]. File version: [11.0.1.1261], Assembly version: [11.0.0.0], Edition: [standard]
Process start time: [15/02/2022 11:07:19], Garbage collector mode: [Server]
Private fix files:
Cummulative fix files
Found by veeaml9 2022-04-10
Report created by BloodyShell  2022-04-11
Report approved by BloodyShell  2022-04-11
New PDF report generated by system 2022-04-11
Report dispatched to ...@... by system 2022-04-11
Report dispatched to ...@... by system 2022-04-11
Report marked as fixed by BloodyShell  2022-04-29
Report closed by BloodyShell  2022-04-29
New PDF report generated by system 2022-04-29
Information
Owner Tricentis
Created 2022-04-11 13:30
Updated 2022-04-29 13:25
Fixed true
Contacts
c...@ssi.gouv.fr
n...@tricentis.com
Status
Status closed
Hosting contacted false
CERT contacted false
Download report

© 2024 LeakIX
About LeakIX - Credits - Take-down and blacklist requests - Security issues - Terms and conditions - Cookie policy - Legal notice