Vulnerability (CVE-2022-26503) in Veeam Agent for Microsoft Windows 



Vulnerability (CVE-2022-26503) in Veeam Agent for Microsoft Windows allows local privilege escalation. An attacker who successfully exploited this vulnerability could run arbitrary code with LOCAL SYSTEM privileges.

https://www.veeam.com/kb4289



Thanks for sharing

There are also some big vulnerabilities in VBR which should be patched immediately (CVSS 9.8): https://www.veeam.com/kb4288

Thx for sharing, what news for a Monday morning

Severity: Critical
CVSS v3 score: 9.8

:dizzy_face:


@BertrandFR

That was Saturday evening news for me. I have stopped the distribution service on all of our critical environments immediately :)

What a nice Saturday night for you! I think the emergency will depend on whether your infra is exposed :sweat_smile: but patch quickly anyway


Patching will be planned for this week.

The Distribution Service on port 9380 is listening on each VBR server by default. Not all environments have closed this port on their firewall or have a dedicated subnet where the VBR server is installed. I am thinking of small customers with only a few machines to back up. So better to disable the service until there is a maintenance window to patch the product. :)

If this vulnerability is somehow used to gain access to the VBR server, the entire credential database can be exported. All domain and hypervisor accounts would be available to the hacker.


Good suggestions @Mildur 

  • Temporary mitigation of the vulnerabilities: Stop and disable the Veeam Distribution Service. The Veeam Distribution Service is installed on the Veeam Backup & Replication server and servers specified as distribution servers in Protection Groups.

Can you confirm this temporarily fixes the vulnerability?


Yes, the issue lies in the Distribution Service.

If you disable the service, port 9380 is shut down and cannot be used from the network to take over the VBR or distribution server.


Thx @Mildur & all.

Send the magic PowerShell command to stop & disable the bugged service :D
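The temporary mitigation discussed in this thread (stop and disable the Veeam Distribution Service, then confirm port 9380 is closed), written out as an added example that is not part of any post or of Veeam's KB. It assumes the service's display name is "Veeam Distribution Service", the wording used in the quoted KB text, and an elevated PowerShell session on the VBR server and on each distribution server.

```powershell
# Added example: temporary mitigation until the patch from the KB is installed.
# Assumption: the display name matches the KB wording quoted in this thread.
$displayName = 'Veeam Distribution Service'
$port        = 9380   # port named in the thread

$svc = Get-Service -DisplayName $displayName -ErrorAction SilentlyContinue
if (-not $svc) {
    Write-Warning "No service with display name '$displayName' on $env:COMPUTERNAME."
}
else {
    # Record the current state so the start type can be restored after patching.
    Write-Output "Before: $($svc.Name) Status=$($svc.Status) StartType=$($svc.StartType)"

    if ($svc.Status -ne 'Stopped') {
        Stop-Service -InputObject $svc -Force
        $svc.WaitForStatus('Stopped', [TimeSpan]::FromSeconds(60))
    }

    # Disabled keeps the service from returning on reboot or on demand.
    Set-Service -Name $svc.Name -StartupType Disabled

    $svc = Get-Service -Name $svc.Name
    Write-Output "After:  $($svc.Name) Status=$($svc.Status) StartType=$($svc.StartType)"

    # Verify that nothing is listening on the port any more.
    $listeners = Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue
    if ($listeners) {
        $pids = ($listeners.OwningProcess | Sort-Object -Unique) -join ', '
        Write-Warning "Port $port is still listening (owning PID(s): $pids)."
    }
    else {
        Write-Output "Port $port is no longer listening on $env:COMPUTERNAME."
    }
}
```

After patching, set the start type back to the value printed in the "Before" line and start the service again.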
