LeakIX report : Probyteconsulting.be

Creation
Validation
Communication & fix
Disclosure

Probyteconsulting.be / Veeam Backup & Replication Remote code execution

BloodyShell reported 2022-04-11

Your server have been found vulnerable to Veeam RCE.

This means any attacker can currently access your backup servers, execute code and download/modify/erase its content.

Patching is critical.

Reference : https://www.veeam.com/kb4288

IP:

95.211.209.248

Port:

9380

Detected protocol:

veeam-ds

Found Veeam distribution service, vulnerable to CVE-2022-26500, CVE-2022-26501
===================================================================
Log has been started by 'WIN-HG0LTM7JTS3\SYSTEM' user (Non-interactive)
Logging level: [4 (AboveNormal)]
MachineName: [WIN-HG0LTM7JTS3], OS: [Microsoft Windows Server 2019 Standard (10.0.17763)], CPU: [2]
Process: [64 bit], PID: [1956], SessionId: [0], UID: [bebda020-1dc2-462d-85a5-c818af4008ff]
UTC Time: [9/04/2022 7:41:38], DaylightSavingTime: [True]
Culture: [nl-BE], UI culture: [en-US]
Module: [C:\Program Files\Veeam\Backup and Replication\Backup\Veeam.Backup.Service.exe]. File version: [11.0.1.1261], Assembly version: [11.0.0.0], Edition: [standard]
Process start time: [8/04/2022 19:59:25], Garbage collector mode: [Server]
Private fix files:
Cummulative fix files

Found by veeaml9 2022-04-10

Report created by

BloodyShell 2022-04-11

Report approved by

BloodyShell 2022-04-11

New PDF report generated by system 2022-04-11

Report dispatched to ...@... by system 2022-04-11

Report marked as fixed by

BloodyShell 2022-04-29

Report closed by

BloodyShell 2022-04-29

New PDF report generated by system 2022-04-29

Information

Owner Probyteconsulting.be

Created 2022-04-11 12:02

Updated 2022-11-28 05:57

Fixed true

Contacts

j...@probyte.be

i...@probyteconsulting.be

v...@cert.be

Status

Status closed

Hosting contacted false

CERT contacted false

Download report