
Megabyte.be / Veeam Backup & Replication Remote code execution

BloodyShell reported 2022-04-11

Your server has been found vulnerable to Veeam RCE.

This means any attacker can currently access your backup servers, execute code and download/modify/erase their content.

Patching is critical.

Reference: https://www.veeam.com/kb4288

IP: 91.121.219.24
Port: 9380
Detected protocol: veeam-ds
Found Veeam distribution service, vulnerable to CVE-2022-26500, CVE-2022-26501
===================================================================
Log has been started by 'ARICKX-VBP01\SYSTEM' user (Non-interactive)
Logging level: [4 (AboveNormal)]
MachineName: [ARICKX-VBP01], OS: [Microsoft Windows Server 2016 Standard (10.0.14393)], CPU: [6]
Process: [64 bit], PID: [7212], SessionId: [0]
UTC Time: [09-04-22 12:10:32], DaylightSavingTime: [True]
Culture: [fr-BE], UI culture: [en-US]
Module: [C:\Program Files\Veeam\Backup and Replication\Backup\Veeam.Backup.Service.exe]. File version: [11.0.0.837], Assembly version: [11.0.0.0], Edition: [standard]
Process start time: [18-11-21 10:48:14], Garbage collector mode: [Server]
CmdLineParams: []
Network Interface, Name: WAN, Description: vmxnet3 Ethernet Adapter, Interface Type: Ethernet, Operational Status: Up;
Found by veeaml9 2022-04-09
Report created by BloodyShell 2022-04-11
Report approved by BloodyShell 2022-04-11
New PDF report generated by system 2022-04-11
Report dispatched to ...@... by system 2022-04-11
Report dispatched to ...@... by system 2022-04-11
Report dispatched to ...@... by system 2022-04-11
Report marked as fixed by BloodyShell 2022-04-29
Report closed by BloodyShell 2022-04-29
New PDF report generated by system 2022-04-29
Information
Owner Megabyte.be
Created 2022-04-11 12:09
Updated 2022-04-29 13:31
Fixed true

Contacts
b...@megabyte.be
e...@megabyte.be
v...@cert.be

Status
Status closed
Hosting contacted false
CERT contacted false