This article documents a vulnerability discovered in Veeam Service Provider Console.
This vulnerability does not affect other Veeam products (e.g., Veeam Backup & Replication, Veeam Agent for Microsoft Windows, Veeam ONE).
All vulnerabilities disclosed in this section affect Veeam Service Provider Console 8.1.0.21377 and all earlier versions 8 and 7 builds.
Note: Private fixes for the Veeam Service Provider Console increase the build number. Therefore, if a private fix has been applied, the deployed build number may exceed the GA build number mentioned above. In such instances, any deployed build number lower than the build reference in the Solution section should be considered affected.
Unsupported product versions are not tested, but are likely affected and should be considered vulnerable.
From the VSPC management agent machine, under the condition that the management agent is authorized on the server, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine.
Severity: Critical
CVSS v3.1 Score: 9.9CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Source: Discovered during internal testing.
From the VSPC management agent machine, under the condition that the management agent is authorized on the server, it is possible to leak an NTLM hash of the VSPC server service account and delete files on the VSPC server machine.
Severity: High
CVSS v3.1 Score: 7.1CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Source: Discovered during internal testing.
This form is only for KB Feedback/Suggestions, if you need help with the software open a support case