PT-2020-14475 · Veeam · Veeam Backup & Replication+1

Published

2020-07-03

Updated

2021-07-21

CVE-2020-15518

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Veeam Availability Suite versions prior to 10 Veeam Backup & Replication versions prior to 10

Description The issue is related to the VeeamFSR.sys driver, which has no device object DACL. This allows unprivileged users to achieve total control over filesystem I/O requests.

Recommendations For Veeam Availability Suite versions prior to 10, update to version 10 or later to resolve the issue. For Veeam Backup & Replication versions prior to 10, update to version 10 or later to resolve the issue.

Exploit

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

CVE-2020-15518

Affected Products

Veeam Availability Suite

Veeam Backup & Replication

PT-2020-14475 · Veeam · Veeam Backup & Replication+1

CVE-2020-15518

Weakness Enumeration

Related Identifiers

Affected Products

References · 4