Veeam.Backup.and.Replication.Authentication.Bypass
Description
This indicates an attack attempt to exploit an Authentication Bypass Vulnerability in Veeam Backup and Replication.
The vulnerability is due to lack of authorization when accessing an internal API service. A remote, unauthenticated attacker could exploit this vulnerability by authenticating to the target service with an NTLM anonymous session. Successful exploitation could lead to remote code execution on the target server.
Affected Products
Veeam Backup and Replication 10a prior to 10.0.1.4854 P20220304
Veeam Backup and Replication 11a prior to 11.0.1.1261 P20220302
Veeam Backup and Replication 9.5U3
Veeam Backup and Replication 9.5U4
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://www.veeam.com/kb4288
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |