Veeam Security Vulnerability which allows an unauthenticated remote code execution.

 

·      Veeam Backup & Replication is a proven data protection solution that offers efficient and reliable backup and recovery for virtual, physical, NAS, and cloud-native environments.

·      Veeam was co-founded in 2006 by Ratmir Timashev and Andrei Baronov, two entrepreneurs from Russia. 

·      Veeam creates backups by instructing the virtualization software to take snapshots of VMs. 

·      VM backups are intended to store your data for as long as deemed necessary, so you can go back in time and restore what was lost, while VM replicas are intended to restore the VMs as soon as possible.

·      Veeam is for virtual environments built on VMware vSphere, Nutanix AHV, and Microsoft Hyper-V hypervisors. 

 

v Most of the system administrators are familiar with Veeam’s enterprise-oriented backup solution, ‘Veeam Backup & Replication’.

v Tactlessly, so is every ransomware operator, given it's somewhat 'privileged position' in the storage world of most enterprise's networks.

v Note, recently there are many notable ransomware attacks reported across the globe, probably due to this vulnerability

VENERABILITY DETAILS:

Veeam allows the connection to the .NET Remoting object, which is the root cause of the vulnerability.

Version	Status
12.2.0.334	Fully patched.
12.1.2.172	Low privilege users are able to execute arbitrary code. Needs Authentication.
12.1.1.56 and earlier	Vulnerable to unauthenticated Remote Code Execution.

 

PRODUCTS AFFECTED:

ü Veeam ONE

ü Veeam Service Provider Console

ü Veeam Agent for Linux

ü Veeam Backup for Nutanix AHV

ü Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization

Recommendation:

As there are multiple vulnerability fixes provided by Veeam in its latest patch, it is recommended for all DevOps and System Administrators to upgrade to the latest version of Veeam software.