
Probyteconsulting.be / Veeam Backup & Replication Remote code execution

BloodyShell reported 2022-04-11

Your server has been found vulnerable to Veeam RCE.

This means any attacker can currently access your backup servers, execute code and download/modify/erase their content.

Patching is critical.

Reference: https://www.veeam.com/kb4288

IP: 95.211.209.248
Port: 9380
Detected protocol: veeam-ds
Found Veeam distribution service, vulnerable to CVE-2022-26500, CVE-2022-26501
===================================================================
Log has been started by 'WIN-HG0LTM7JTS3\SYSTEM' user (Non-interactive)
Logging level: [4 (AboveNormal)]
MachineName: [WIN-HG0LTM7JTS3], OS: [Microsoft Windows Server 2019 Standard (10.0.17763)], CPU: [2]
Process: [64 bit], PID: [1956], SessionId: [0], UID: [bebda020-1dc2-462d-85a5-c818af4008ff]
UTC Time: [9/04/2022 7:41:38], DaylightSavingTime: [True]
Culture: [nl-BE], UI culture: [en-US]
Module: [C:\Program Files\Veeam\Backup and Replication\Backup\Veeam.Backup.Service.exe]. File version: [11.0.1.1261], Assembly version: [11.0.0.0], Edition: [standard]
Process start time: [8/04/2022 19:59:25], Garbage collector mode: [Server]
Private fix files:
Cummulative fix files
Found by veeaml9 2022-04-10
Report created by BloodyShell  2022-04-11
Report approved by BloodyShell  2022-04-11
New PDF report generated by system 2022-04-11
Report dispatched to ...@... by system 2022-04-11
Report dispatched to ...@... by system 2022-04-11
Report dispatched to ...@... by system 2022-04-11
Report marked as fixed by BloodyShell  2022-04-29
Report closed by BloodyShell  2022-04-29
New PDF report generated by system 2022-04-29
Information
Owner Probyteconsulting.be
Created 2022-04-11 12:02
Updated 2022-04-29 13:40
Fixed true

Contacts
j...@probyte.be
i...@probyteconsulting.be
v...@cert.be

Status
Status closed
Hosting contacted false
CERT contacted false
