Executive Summary

This vulnerability is a Local Privilege Escalation issue in Veeam Agent for Microsoft Windows (versions 6.3.2.1205 and earlier 6.x builds). It occurs when a system administrator is tricked into restoring a malicious file, which then allows an attacker to escalate their privileges on the affected system. It requires local access, low attack complexity, some privileges, and user interaction to exploit. [1]

Useful 0 Not Useful 0

Impact Analysis

If exploited, this vulnerability can allow an attacker to gain higher privileges on the affected system, potentially leading to full control over the system. This impacts the confidentiality, integrity, and availability of the system, meaning sensitive data could be exposed or altered, and system operations could be disrupted. [1]

Useful 0 Not Useful 0

Detection Guidance

Detection involves verifying the installed version of Veeam Agent for Microsoft Windows. You can check the version by running commands such as 'veeamconfig version' or checking the application version in the Control Panel or via PowerShell. If the version is 6.3.2.1205 or earlier 6.x builds, the system is vulnerable. There are no specific network detection commands since this is a local privilege escalation vulnerability requiring local access and user interaction. [1]

Useful 0 Not Useful 0

Mitigation Strategies

The immediate mitigation step is to update Veeam Agent for Microsoft Windows to build 6.3.2.1302 or later, where the vulnerability is fixed. Additionally, avoid restoring files from untrusted sources to prevent exploitation via malicious files. [1]

Useful 0 Not Useful 0