CVE-2022-26503

Name of the Vulnerable Software and Affected Versions Veeam Agent for Windows versions 2.0 through 5.x

Description The issue is related to the deserialization of untrusted data, which can be exploited by sending specially crafted data through TCP-port 9395. This allows local users to run arbitrary code with local system privileges.

Recommendations For versions 2.0 through 5.x, consider disabling the deserialization mechanism until a patch is available. Restrict access to TCP-port 9395 to minimize the risk of exploitation. Avoid using untrusted data in the deserialization process until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.