Veeam Backup Products Man-in-the-Middle Vulnerability Allowing Arbitrary Code Execution

A vulnerability exists in the Veeam Updater component of several Veeam backup products, including Veeam Backup for Salesforce, Veeam Backup for Nutanix AHV, Veeam Backup for AWS, Veeam Backup for Microsoft Azure, Veeam Backup for Google Cloud, and Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization. This vulnerability allows Man-in-the-Middle attackers to execute arbitrary code on the affected server, due to improper validation of TLS certificates. The vulnerability affects Veeam Backup for Salesforce versions 3.1 and older, as well as older releases of the other mentioned products that utilize an older Veeam Updater component known to be vulnerable.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the affected server with root-level permissions.

Remediation

The vulnerability has been addressed in Veeam Updater component version 9.0.0.1124 for Veeam Backup for Salesforce. For Veeam Backup for Nutanix AHV, AWS, Microsoft Azure, Google Cloud, and Oracle Linux Virtualization Manager and Red Hat Virtualization, the vulnerability was resolved in Veeam Updater component version 9.0.0.1125, 9.0.0.1126, 9.0.0.1128, 9.0.0.1126, and 9.0.0.1127 respectively. Users should check their Veeam Updater version and update if necessary.