Vulnerability (CVE-2022-26503) in Veeam Agent for Microsoft Windows allows local privilege escalation. An attacker who successfully exploited this vulnerability could run arbitrary code with LOCAL SYSTEM privileges.
Thanks for sharing
There are also some big vulnerabilities in VBR which should be patched immediately (CVSS 9.8): https://www.veeam.com/kb4288
Thx for sharing, what news for a Monday morning
Severity: Critical
CVSS v3 score: 9.8
That was Saturday evening news for me. I have stopped the distribution service on all of our critical environments immediately :)
What a nice Saturday night for you! I think the urgency will depend on whether your infra is exposed, but patch quickly anyway
Patching will be planned for this week.
The Distribution Service on port 9380 is listening on each VBR server by default. Not all environments have closed this port on their firewall or have a dedicated subnet where the VBR server is installed. I am thinking of small customers with only a few machines to back up. So better to disable the service until there is a maintenance window to patch the product. :)
If this vulnerability is somehow used to gain access to the VBR server, the entire credential database can be exported. All domain and hypervisor accounts would be available to the hacker.
Good suggestions
- Temporary mitigation of the vulnerabilities: Stop and disable the Veeam Distribution Service. The Veeam Distribution Service is installed on the Veeam Backup & Replication server and servers specified as distribution servers in Protection Groups.
Can you confirm this temporarily fixes the vulnerability?
Yes, the issue lies in the Distribution Service.
If you disable the service, port 9380 is shut down and cannot be used from the network to take over the VBR or distribution server.
Thx
Send the magic PowerShell command to stop & disable the bugged service :D
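The temporary mitigation discussed in this thread, written out as a PowerShell script. This is an added example, not part of the original posts and not Veeam's own tooling; it assumes the service can be found by the display name "Veeam Distribution Service" used above, and it checks that nothing is still listening on port 9380 afterwards.

```powershell
# Added example: temporary mitigation until the patch is installed.
# Assumption: the service is located by the display name used in this thread.
# Run elevated on the VBR server and on each distribution server.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$DisplayName = 'Veeam Distribution Service',
    [int]$Port = 9380
)

$svc = Get-Service -DisplayName $DisplayName -ErrorAction SilentlyContinue
if (-not $svc) {
    Write-Warning "No service with display name '$DisplayName' on $env:COMPUTERNAME."
    return
}

# Record the previous state so the service can be restored after patching.
$before = [pscustomobject]@{
    Status    = $svc.Status
    StartType = $svc.StartType
}

# Honors -WhatIf, so the change can be previewed first.
if ($PSCmdlet.ShouldProcess($svc.Name, 'Stop and disable')) {
    if ($svc.Status -ne 'Stopped') {
        Stop-Service -Name $svc.Name -Force -ErrorAction Stop
    }
    Set-Service -Name $svc.Name -StartupType Disabled -ErrorAction Stop
}

# Verify: service stopped and disabled, and no listener left on the port.
$after     = Get-Service -Name $svc.Name
$listeners = Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue

[pscustomobject]@{
    Computer       = $env:COMPUTERNAME
    Service        = $after.Name
    PreviousStatus = $before.Status
    PreviousStart  = $before.StartType
    CurrentStatus  = $after.Status
    CurrentStart   = $after.StartType
    PortListening  = [bool]$listeners
    Mitigated      = ($after.Status -eq 'Stopped' -and
                      $after.StartType -eq 'Disabled' -and
                      -not $listeners)
}
```

Once the patch is installed, set the startup type back to the recorded `PreviousStart` value and start the service again.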