A vulnerability (CVE-2022-26500) exists in the Veeam Distribution Service. This component allows executing malicious code remotely without authentication. This may lead to gaining control over the target system.
The Veeam Distribution Service, using TCP 9380 with default settings, allows unauthenticated users to access internal API functions. A remote attacker may send input to the internal API which may lead to uploading and executing of malicious code.
Your server has been found vulnerable to Veeam RCE.
This means an attacker can currently access your backup servers, execute code, and download/modify/erase its content.
https://www.veeam.com/kb4288
Found Veeam distribution service, vulnerable to CVE-2022-26500, CVE-2022-26501
===================================================================
UTC offset: 2,00 hours
[11.04.2022 06:01:09] <155> Info [RTS] [ProxyLoadAnalyzer] Selected proxy [infra-veeam-proxy-pcc4]
[11.04.2022 06:01:09] <155> Info [RTS] Mark task as processing, task 'coris-burkinafaso-prod-db-replica from job "PCC4_DB_Prod_Backup_1h (Incremental)" (task id:ca7c8a1c-1a95-4ba0-ae45-06bd8cee29f9, task sess id:0d791283-1caa-4234-a090-b2e30bb8e939, job sess id:acba4663-3735-4d87-8526-312ef6fb901c)'
[11.04.2022 06:01:09] <155> Info [RTS] Acquiring multi resource [ViDisk_|ViProxyRepositoryPairResourceRequest, ProxyResourceRequest: [ViProxy, source proxies: [Vi proxy resource [id=6a440dac-8fce-45a5-86fa-14346f4d7fb4 : srv name=infra-veeam-proxy-pcc4 : access level=HotAddDifferentHosts : max usage=8 : vddk modes=hotadd;nbd : direct nfs=False]],[Vi proxy resource [id=18b661c1-d9dc-4233-90a0-7e7b10dc2d09 : srv name=VMware Backup Proxy : access level=DifferentSubnetwork : max usage=2 : vddk modes=nbd : direct nfs=False]],[Vi proxy resource [id=eb8c3ca2-562b-4cf5-9dc2-81ab91c7a193 : srv name=infra-veeam-proxy-pcc5-2 : access level=DifferentSubnetwork : max usage=8 : vddk modes=nbd : direct nfs=False]],[Vi proxy resource [id=0db6c2af-ee2b-4a5b-93f4-b93567d59d7c : srv name=infra-veeam-proxy-pcc5 : access level=DifferentSubnetwork : max usage=8 : vddk modes=nbd : direct nfs=False]],[Vi proxy resource [id=6c4d42a7-989e-4d07-9f3e-edeebc420de0 : srv name=infra-veeam-proxy-pcc4-2 : access level=HotAddDifferentHosts : max usage=8 : vddk modes=hotadd;nbd : direct nfs=False]] ], RepositoryResourceRequest : [Repository 'Backup_Repos_SBG1' (storage count 25)]] for task [coris-burkinafaso-prod-db-replica from job "PCC4_DB_Prod_Backup_1h (Incremental)" (task id:ca7c8a1c-1a95-4ba0-ae45-06bd8cee29f9, task sess id:0d791283-1caa-4234-a090-b2e30bb8e939, job sess id:acba4663-3735-4d87-8526-312ef6fb901c)]
[11.04.2022 06:01:09] <155> Info [RTS] ------------------------------------------------
[11.04.2022 06:01:09] <155> Info [RTS] Capturing resource 'Backup_Repos_SBG1', id 'c5768cac-f445-46d7-b153-1ff2e0c28c4b', for task 'ca7c8a1c-1a95-4ba0-ae45-06bd8cee29f9'