#1 Global Leader in Data Protection & Ransomware Recovery

Veeam ONE Remote Code Execution Vulnerabilities

KB ID: 3144
Product: Veeam ONE
Version: 9.5 U4, 9.5 U4a, 10
Published: 2020-04-15
Last Modified: 2020-08-13
mailbox
Get weekly article updates
By subscribing, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Notice.

Cheers for trusting us with the spot in your mailbox!

Now you’re less likely to miss what’s been brewing in our knowledge base with this weekly digest

error icon

Oops! Something went wrong.

Please try again later.

Challenge

Vulnerabilities in Veeam ONE Agent components residing on Veeam ONE and Veeam Backup & Replication servers allow executing malicious code remotely without authentication. This may lead to gaining control over the target system.
Severity: critical
CVSS v3 score: 9.8

Cause

Veeam ONE Agent uses .NET data serialization mechanisms. The remote attacker may send malicious code to the TCP port opened by Veeam ONE Agent (TCP 2805 by default) which will not be deserialized properly. The deserialization of untrusted data is performed during TLS Handshake (vulnerability tracked as ZDI-CAN-10400 and CVE-2020-10914) and during logging of error messages (vulnerability tracked as ZDI-CAN-10401 and CVE-2020-10915).

Solution

Hotfixes are available for the following Veeam ONE versions:
  • 10 (build 10.0.0.750)
  • 9.5 Update 4a (build 9.5.4.4587) 
NOTE: These hotfixes are not compatible with version 9.5 Update 4 (build 9.5.4.4566). Customers running this version are advised to upgrade to version 10 or 9.5 Update 4a using updated ISO images.

The hotfix must be installed on the Veeam ONE server. Veeam ONE Agents on the Veeam Backup & Replication servers will be updated automatically after installing the hotfix. After applying the updates your Veeam ONE Agent version will be 10.0.1.750 on Veeam ONE version 10 servers and 9.5.5.4587 on Veeam ONE 9.5 Update 4a servers.

User-added image

Please note, that all new deployments of Veeam ONE version 10 and version 9.5 Update 4a installed using the ISO images downloaded after 04/15/2020 are not vulnerable.

More Information

These vulnerabilities were discovered by:
Michael Zanetta & Edgar Boda-Majer from Bugscale working with Trend Micro Zero Day Initiative.

DOWNLOAD HOTFIX FOR Veeam ONE 10


MD5: 39ca33e5c9c0fec534ad5d2e87987985
SHA1: f42676d7997d57504944f02116e842b7ce4f3358

DOWNLOAD HOTFIX FOR Veeam ONE 9.5 U4a


MD5: 89817e0eeac0d0434218b928a1d0e918
SHA1: a78af22d463be8c0d2255cfdf732f210298a251d

 
To submit feedback regarding this article, please click this link: Send Article Feedback
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.

Spelling error in text

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Thank you!

Thank you!

Your feedback has been received and will be reviewed.

Oops! Something went wrong.

Please try again later.

You have selected too large block!

Please try select less.

KB Feedback/Suggestion

This form is only for KB Feedback/Suggestions, if you need help with the software open a support case

By submitting, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Notice.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Verify your email to continue your product download
We've sent a verification code to:
  • Incorrect verification code. Please try again.
An email with a verification code was just sent to
Didn't receive the code? Click to resend in sec
Didn't receive the code? Click to resend
Thank you!

Thank you!

Your feedback has been received and will be reviewed.

error icon

Oops! Something went wrong.

Please try again later.