#1 Global Leader in Data Resilience

Veeam Backup & Replication Local Privilege Escalation Vulnerability

KB ID: 2180
Product: Veeam Backup & Replication
Version: 6.x, 7.x, 8.0
Published: 2016-10-17
Last Modified: 2020-08-13
mailbox
Get weekly article updates
By subscribing, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Notice.

Cheers for trusting us with the spot in your mailbox!

Now you’re less likely to miss what’s been brewing in our knowledge base with this weekly digest

error icon

Oops! Something went wrong.

Please, try again later.

Challenge

The vulnerability allows any local Windows user with low privileges, such as the ones provided to an anonymous IIS's virtualhost user, to access Veeam Backup logfiles and extract the password, used to run Veeam components, which is stored as a doublebase64 encoded string.

Cause

The affected component is VeeamVixProxy, created by default on installation and configured to run with a privileged Local Administrator or a Domain Administrator account.

Using such accounts is correct and required for the components to run properly, as stated by the userguide and wizard prompts for adding a VMware or HyperV Backup Proxies:

"Type in an account with local administrator privileges
on the server you are adding. Use DOMAIN\USER format for domain
accounts, or HOST\USER for local accounts."


We conservatively refer to this issue as a Local Administrator Privilege Escalation but the use of Domain Administrator accounts for Veeam is not discouraged, if not advised, and this is a common pattern in production.

Solution

Update Veeam Backup & Replication to version 8.0 Update 3 or 9.x.

Workaround for operating systems on your virtual machines:

If Veeam B&R is installed on a Windows 2003 environment, change the access permissions on %alluserprofile%\Application Data\Veeam\Backup and subdirectories, so that only members of the "Administrators" group can read it.

If Veeam B&R is installed on Windows 2008 and newer, change the access permissions on %programdata%\Veeam\Backup\ and subdirectories, so that only members of the "Administrators" group can read it.

 

More Information

kbSecBulletin, Local Privilege Escalation, CVE20155742
To submit feedback regarding this article, please click this link: Send Article Feedback
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.

Spelling error in text

This site is protected by hCaptcha and its Privacy Policy and Terms of Service apply except as noted in our Privacy Policy.
Thank you!

Thank you!

Your feedback has been received and will be reviewed.

Oops! Something went wrong.

Please, try again later.

You have selected too large block!

Please try select less.

KB Feedback/Suggestion

This form is only for KB Feedback/Suggestions, if you need help with the software open a support case

By submitting, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Notice.
This site is protected by hCaptcha and its Privacy Policy and Terms of Service apply except as noted in our Privacy Policy.
Verify your email to continue your product download
We've sent a verification code to:
  • Incorrect verification code. Please try again.
An email with a verification code was just sent to
Didn't receive the code? Click to resend in sec
Didn't receive the code? Click to resend
Thank you!

Thank you!

Your feedback has been received and will be reviewed.

error icon

Oops! Something went wrong.

Please, try again later.